Lucene search
K

118 matches found

CNVD
CNVD
added 2022/02/08 12:0 a.m.50 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10280)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploite...

7.2CVSS5AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2022/02/03 2:15 a.m.5 views

CVE-2022-24030

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...

7.5CVSS7.3AI score0.00302EPSS
Exploits0References5
NVD
NVD
added 2022/02/03 2:15 a.m.29 views

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver...

7.2CVSS0.00345EPSS
Exploits0References5
OSV
OSV
added 2022/02/03 2:15 a.m.6 views

CVE-2021-43323

An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in Syste...

8.2CVSS7.6AI score0.00351EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/02/03 1:13 a.m.34 views

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver...

7.6AI score0.00345EPSS
Exploits0References4
CVE
CVE
added 2022/02/03 1:13 a.m.106 views

CVE-2021-42059

CVE-2021-42059 affects Insyde InsydeH2O Kernel 5.0 (before 05.08.41), 5.1 (before 05.16.41), 5.2 (before 05.26.41), 5.3 (before 05.35.41), and 5.4 (before 05.42.20). The issue is a stack-based buffer overflow in the UEFI DisplayTypeDxe DXE driver that leads to arbitrary code execution. The vulner...

7.2CVSS7.5AI score0.00345EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/03 12:15 a.m.3 views

CVE-2022-24069

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in...

8.2CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2022/01/05 11:15 p.m.3 views

CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...

8.2CVSS6AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2021/09/14 12:0 a.m.3 views

UBUNTU-CVE-2021-38575

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...

8.1CVSS6.9AI score0.01855EPSS
Exploits1References5
OSV
OSV
added 2021/05/24 11:2 a.m.3 views

OESA-2021-1192 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Integer overflow in DxeImageVerificationHandler EDK II may allow an authenticated user to potentially enable denial of service via local access.CVE-2019-14562...

5.5CVSS6.7AI score0.00306EPSS
Exploits0References2
Prion
Prion
added 2020/01/31 4:15 p.m.17 views

Integer overflow

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

7.2CVSS7.3AI score0.00587EPSS
Exploits0References1
CVE
CVE
added 2020/01/31 3:8 p.m.104 views

CVE-2014-4859

CVE-2014-4859 is an integer overflow in the Drive Execution Environment (DXE) capsule processing of the UEFI Capsule Update mechanism in the open-source EDK2 UEFI implementation; CVE-2014-4860 covers overflow in the PEI phase during capsule coalescing. Impact: potential bypass of access restricti...

7.2CVSS6.6AI score0.00587EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/12/31 12:0 a.m.2 views

UBUNTU-CVE-2019-14575

Logic issue in DxeImageVerificationHandler for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS6.7AI score0.00363EPSS
Exploits0References3
CNVD
CNVD
added 2019/03/28 12:0 a.m.3 views

EDK2 Buffer Overflow Vulnerability (CNVD-2019-08728)

EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A buffer overflow vulnerability exists in EDK2's DxeCore, which can be exploited by a local attacker to elevate privileges, disclose information, and/or cause a denial of service...

6.8CVSS6.9AI score0.00502EPSS
Exploits0References1
Prion
Prion
added 2018/10/23 1:29 p.m.21 views

Code injection

Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W,...

5.7CVSS5.4AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2018/10/23 1:0 p.m.62 views

CVE-2017-18313

CVE-2017-18313 affects Qualcomm Snapdragon platforms where DirectX/ DXE memory (DXE-accessible memory) is within the authenticated image, enabling potential access to tamper with the WCNSS firmware stored in DDR. Affected devices include Snapdragon Mobile and Wear variants across MSM8909W, SD 210...

5.7CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/23 1:0 p.m.22 views

CVE-2017-18313

Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W,...

5.5AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2014/10/06 12:0 a.m.4 views

PT-2019-6288 · Intel +7 · Edk Ii +7

Name of the Vulnerable Software and Affected Versions: EDK II affected versions not specified Description: The issue is related to an unlimited recursion in the EDK II UEFI development environment, specifically in DxeCore. This allows an attacker to access confidential data, compromise its...

10CVSS6AI score0.83223EPSS
Exploits8References127
Rows per page
Query Builder