Lucene search
K

123 matches found

CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O IhisiSmm, which stems from the parameter buffer bei...

6.4CVSS6.7AI score0.00132EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.34 views

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

6.5AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-21191 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Insyde InsydeH2O Kernel 5.3 version 05.36.23 Insyde InsydeH2O Kernel 5.4 version 05.44.23 Insyde InsydeH2O Kernel 5.5 version 05.52.23 Description: The issue arises from DMA attacks on the parameter...

6.4CVSS7.2AI score0.00174EPSS
Exploits0References6
CVE
CVE
added 2022/11/14 12:0 a.m.80 views

CVE-2022-33982

CVE-2022-33982 concerns a DMA-based TOCTOU vulnerability in the Int15ServiceSmm software SMI handler. The parameter buffer accessed by the SMI handler is susceptible to DMA manipulation, allowing an attacker to alter values after they are checked but before use, potentially causing SMRAM corrupti...

6.4CVSS6.4AI score0.00151EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.7 views

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

7.2AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2022/11/14 12:0 a.m.72 views

CVE-2022-32266

The connected records provide concrete details for CVE-2022-32266 affecting Insyde InsydeH2O. The vulnerability arises from DMA attacks against the parameter buffer used by the PcdSmmDxe software SMI handler, enabling a TOCTOU race condition that can corrupt other ACPI fields and adjacent memory....

6.4CVSS6.3AI score0.00174EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.73 views

CVE-2022-33986

CVE-2022-33986 concerns DMA attacks on the parameter buffer used by the InsydeH2O/VariableRuntimeDxe SMI handler, potentially enabling a TOCTOU attack and SMRAM corruption. Public sources specify the vulnerable component as the VariableRuntimeDxe driver’s SMI handler parameter buffer, with exploi...

6.4CVSS6.4AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.71 views

CVE-2022-30774

CVE-2022-30774 describes a TOCTOU vulnerability in the parameter buffer used by the PnpSmm driver, enabling DMA to modify contents after parameter values are checked but before use. Documented for Siemens RuggedCom APE1808 products with InsydeH2O UEFI firmware, the CVSS base score is 6.4 (AV:L/AC...

6.4CVSS6.5AI score0.00151EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.28 views

CVE-2022-33986

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

6.6AI score0.00132EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.6 views

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

7.1AI score0.00132EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.8 views

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

6.3AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.4 views

CVE-2022-30774

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

7.4AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2022/11/14 12:0 a.m.78 views

CVE-2022-30773

CVE-2022-30773 describes DMA attacks against the parameter buffer of the IhisiSmm driver, enabling a TOCTOU where an attacker could alter data after parameter validation but before use. The issue is addressed by kernel fixes: Kernel 5.4 (05.44.23) and Kernel 5.5 (05.52.23). Affected component: Ih...

6.4CVSS6.3AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.35 views

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

6.6AI score0.00151EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/06/02 12:0 a.m.17 views

ThunderSpy

A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device. Recent assessments: agalauner-r7 at May 11, 2020 4:37pm UTC reported: The risks of DMA...

0.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2020/05/11 4:8 p.m.38 views

7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years

A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed 'ThunderSpy,' the vulnerabilities can be exploited in 9 realisti...

1.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/02/18 11:0 a.m.199 views

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP...

9.9AI score0.26869EPSS
Exploits0References5
myhack58
myhack58
added 2019/03/01 12:0 a.m.111 views

New found thunderclap vulnerability allows hackers to use a Thunderbolt/USB-C peripheral attack PC-vulnerability warning-the black bar safety net

Earlier by the Cambridge University computer science and Technology Department, Rice University, and Stanford Institute of International Studies a group of researchers announced a new vulnerability Thunderclap, affecting all major platforms, including MacOS and Windows. The vulnerability affects...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2019/02/27 3:45 p.m.90 views

Thunderclap Flaws Shatter Peripheral Security

UPDATE A set of vulnerabilities collectively dubbed “Thunderclap” is putting computers at risk from weaponized peripheral devices think network cards, storage and graphics cards, and even chargers and video projectors. The flaws reside in the Thunderbolt hardware interface developed by Intel in...

0.2AI score
Exploits0References6
OpenVAS
OpenVAS
added 2018/06/25 12:0 a.m.38 views

Microsoft Windows: Block SBP-2 Driver and Thunderbolt controllers (Driver Setup Class)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenysbp2thunderboltdriver.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Blocking the SBP-2 driver and Thunderbolt controllers Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
Rows per page
Query Builder