Lucene search
K

142 matches found

Vulnrichment
Vulnrichment
added 2023/08/18 12:0 a.m.14 views

CVE-2023-27471

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerabili...

6.6AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2023/08/14 3:15 p.m.27 views

CVE-2023-31041

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure...

7.5CVSS7.7AI score0.00305EPSS
Exploits0References1
OSV
OSV
added 2023/08/14 3:15 p.m.3 views

CVE-2023-31041

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure...

7.5CVSS5.8AI score0.00305EPSS
Exploits0References1
Prion
Prion
added 2023/08/14 3:15 p.m.29 views

Information disclosure

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure...

5CVSS7.5AI score0.00305EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 12:0 a.m.14 views

CVE-2023-31041

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure...

6.2AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2023/08/07 3:15 p.m.27 views

CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM...

5.5CVSS6.2AI score0.00172EPSS
Exploits0References1
Prion
Prion
added 2023/08/07 3:15 p.m.21 views

Input validation

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM...

1.7CVSS6.1AI score0.00172EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/07 12:0 a.m.29 views

CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM...

5.5AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2023/08/07 12:0 a.m.54 views

CVE-2023-27373

CVE-2023-27373 affects InsydeH2O BIOS (kernel 5.0–5.5). The issue arises from insufficient input validation, allowing an attacker with local access to tamper with a runtime EFI variable and cause a dynamic BAR setting to overlap SMRAM. Connected advisories confirm this family of vulnerabilities a...

5.5CVSS5.3AI score0.00172EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/08/03 3:15 p.m.27 views

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

6.5CVSS6.3AI score0.00154EPSS
Exploits0References2
Prion
Prion
added 2023/08/03 3:15 p.m.18 views

Code injection

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

1.7CVSS6.3AI score0.00154EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.27 views

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

6.5AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2023/04/12 1:15 p.m.33 views

CVE-2022-24350

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

5.5CVSS6.6AI score0.00178EPSS
Exploits0References2
Prion
Prion
added 2023/04/12 1:15 p.m.23 views

Command injection

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

1.7CVSS6.5AI score0.00178EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/12 12:0 a.m.42 views

CVE-2022-24350

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

5.9AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2023/04/12 12:0 a.m.60 views

CVE-2022-24350

The CVE-2022-24350 issue affects Insyde InsydeH2O BIOS (IhisiSmm) for kernel 5.0–5.5. The IHISI function 0x17 verifies the output buffer is within the command buffer, but does not ensure that output data does not extend beyond the end of the command buffer. Specifically, GetFlashTable is called o...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/11 10:15 p.m.23 views

Memory corruption

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption...

4.3CVSS8.3AI score0.00212EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/11 9:15 p.m.34 views

CVE-2023-22612

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM...

8.8CVSS8.7AI score0.00228EPSS
Exploits0References3
NVD
NVD
added 2023/04/11 9:15 p.m.34 views

CVE-2023-22615

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM...

8.4CVSS8.2AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 9:15 p.m.35 views

CVE-2023-22614

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler...

8.8CVSS8.7AI score0.00378EPSS
Exploits1References3
Rows per page
Query Builder