Lucene search
K

118 matches found

CVE
CVE
added 2023/11/08 10:27 p.m.67 views

CVE-2023-45075

CVE-2023-45075 describes a memory-leakage vulnerability in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. The issue is documented across multiple sources (NVD/Red Hat/NV mentions) and is associated with a CVSSv3.1 score of 6.7 (Me...

6.7CVSS6.3AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/08 10:27 p.m.34 views

CVE-2023-45075

A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...

6.7CVSS6.6AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/08 10:27 p.m.15 views

CVE-2023-45075

A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...

6.7CVSS6.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.6 views

PT-2023-29394 · Unknown · Swsmi Shadow Dxe Driver

Name of the Vulnerable Software and Affected Versions: SWSMI Shadow DXE driver affected versions not specified Description: A memory leakage issue was reported in the SWSMI Shadow DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables...

6.7CVSS6.3AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.7 views

PT-2023-29395 · Unknown · 534D0140 Dxe Driver

Name of the Vulnerable Software and Affected Versions: 534D0140 DXE driver affected versions not specified Description: A memory leakage issue was reported in the 534D0140 DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables. Recommendations: At t...

6.7CVSS6.3AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2023/11/01 10:15 p.m.5 views

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

9.8CVSS6.5AI score0.00487EPSS
Exploits0References2
NVD
NVD
added 2023/11/01 10:15 p.m.31 views

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

9.8CVSS9.7AI score0.00487EPSS
Exploits0References2
Prion
Prion
added 2023/11/01 10:15 p.m.26 views

Stack overflow

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

7.5CVSS9.6AI score0.00487EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.5 views

Insyde InsydeH2O Security Breach

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5, whi...

9.8CVSS7.9AI score0.00487EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/01 12:0 a.m.47 views

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

9.9AI score0.00487EPSS
Exploits0References2
Hewlett-Packard
Hewlett-Packard
added 2023/09/21 12:0 a.m.25 views

AMD Client UEFI DXE Driver Memory Leaks September 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow denial of service or information disclosure. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...

5.5CVSS7.3AI score0.00175EPSS
Exploits0Affected Software186
NVD
NVD
added 2023/09/20 6:15 p.m.51 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

5.5CVSS5.1AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2023/09/20 6:15 p.m.4 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2023/09/20 6:15 p.m.2 views

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

4.4CVSS5.8AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 6:15 p.m.51 views

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

4.4CVSS4.5AI score0.00175EPSS
Exploits0References1
Prion
Prion
added 2023/09/20 6:15 p.m.25 views

Input validation

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

1.4CVSS4.5AI score0.00175EPSS
Exploits0References1Affected Software125
Prion
Prion
added 2023/09/20 6:15 p.m.23 views

Input validation

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

1.7CVSS5AI score0.00171EPSS
Exploits0References1Affected Software101
Vulnrichment
Vulnrichment
added 2023/09/20 5:32 p.m.17 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

5.1AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2023/09/20 5:32 p.m.85 views

CVE-2023-20597

CVE-2023-20597 concerns improper initialization of variables in the AMD DXE driver, leading to potential local-information disclosure. The vulnerability is discussed across multiple sources (AMD/SB-4007 and related advisories), which describe memory-leak risks in the DXE driver and note mitigatio...

5.5CVSS5.1AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/20 5:27 p.m.64 views

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

4.8AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder