Lucene search
K

22 matches found

Hewlett-Packard
Hewlett-Packard
added 2026/03/24 12:0 a.m.8 views

Insyde BIOS SMM Memory Corruption Security Update

A potential security vulnerability has been identified in certain HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs...

8.2CVSS6AI score0.00127EPSS
Exploits0Affected Software20
Hewlett-Packard
Hewlett-Packard
added 2025/10/21 12:0 a.m.10 views

Insyde BIOS Buffer Overflow in certain HP ARM-Based PCs

A potential security vulnerability has been identified in certain ARM-based HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and...

7.8CVSS7.3AI score0.0023EPSS
Exploits0Affected Software4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-18070

Malicious code in bioql PyPI...

7.8CVSS9.2AI score0.00395EPSS
Exploits0References3
Lenovo
Lenovo
added 2025/07/29 4:9 p.m.4 views

Insyde BIOS Vulnerabilities - Lenovo Support US

No description provided...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/13 1:19 a.m.7 views

CVE-2025-4275

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS9.6AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 1:15 a.m.10 views

CVE-2025-4275

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS0.00395EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/11 12:25 a.m.4 views

CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS9.6AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/11 12:25 a.m.35 views

CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS0.00395EPSS
Exploits0References1
CVE
CVE
added 2025/06/11 12:25 a.m.88 views

CVE-2025-4275

CVE-2025-4275 affects InsydeH2O UEFI firmware/applications. Root cause: unsafe handling of an NVRAM variable used to store signing certificates, enabling a attacker to inject their own certificate and bypass Secure Boot. Impact: execution of unsigned or malicious UEFI code before OS load, potenti...

7.8CVSS9.6AI score0.00395EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

Insyde InsydeH2O kernel 安全漏洞

Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...

7.5CVSS6.8AI score0.004EPSS
Exploits0References2
Hewlett-Packard
Hewlett-Packard
added 2024/06/28 12:0 a.m.28 views

Certain HP PC BIOS Logo Vulnerabilities

Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...

7.8CVSS7.8AI score0.01858EPSS
Exploits1Affected Software450
Hewlett-Packard
Hewlett-Packard
added 2024/06/18 12:0 a.m.30 views

Insyde BIOS June 2024 EDK II Reference Vulnerabilities

Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS Insyde H20 UEFI Firmware, which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate the...

7.8CVSS8.2AI score0.00288EPSS
Exploits0Affected Software312
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.18 views

Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. Insyde BIOS is typically...

8.8CVSS8AI score0.00212EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.28 views

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41838)

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. Insyde BIOS is...

8.2CVSS8.1AI score0.00301EPSS
Exploits0References5
ICS
ICS
added 2023/09/12 12:0 a.m.116 views

Siemens RUGGEDCOM APE1808 Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

5.5CVSS8.3AI score0.00178EPSS
Exploits0References12
Lenovo
Lenovo
added 2023/04/11 2:51 p.m.5 views

Insyde BIOS Vulnerabilities - Lenovo Support US

No description provided...

6.8AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.69 views

K45810018: Multiple Insyde BIOS/EFI vulnerabilities

Security Advisory Description CVE-2020-5953 A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can resu...

8.2CVSS8.2AI score0.00351EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running o...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/06 12:0 a.m.37 views

Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)

source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memory...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/06 12:0 a.m.43 views

Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)

// source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memor...

7.4AI score
Exploits0
Rows per page
Query Builder