Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde insydeh2o 5.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27373
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-27471
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. E...
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-31041
An issue exists in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to run arbitrary code execution during the DXE phase.
Insyde Insydeh2o 05.45.24.0039
Insyde Insydeh2o 05.44.45.0017
Insyde Insydeh2o 05.44.34.0055
Insyde Insydeh2o 05.53.28.0013
Insyde Insydeh2o 05.45.38.0005
Insyde Insydeh2o 05.53.23.0011
Insyde Insydeh2o 05.53.23.0014
Insyde Insydeh2o 05.53.22.0008
Insyde Insydeh2o 05.44.30.0022
Insyde Insydeh2o 05.43.06.0021
Insyde Insydeh2o 05.42.37.0031
NA
CVE-2023-22614
An issue exists in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
Insyde Insydeh2o 05.44.45.0028
Insyde Insydeh2o 05.44.45.0015
Insyde Insydeh2o 05.44.34.0054
Insyde Insydeh2o 05.42.52.0026
Insyde Insydeh2o 05.43.12.0056
Insyde Insydeh2o 05.43.01.0026
NA
CVE-2023-22612
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
Insyde Insydeh2o 05.28.03
Insyde Insydeh2o 05.37.03
Insyde Insydeh2o 05.45.01
Insyde Insydeh2o 05.53.01
Insyde Insydeh2o 05.0a.11
Insyde Insydeh2o 05.18.03
NA
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to send arbitrary data to SMM which could lead to privilege escalation.
Insyde Insydeh2o
Insyde Insydeh2o 5.5.05.53.22
Insyde Insydeh2o 5.6
Insyde Insydeh2o 5.6.05.60.22
NA
CVE-2023-22613
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
Insyde Insydeh2o 05.27.37
Insyde Insydeh2o 05.36.37
Insyde Insydeh2o 05.44.45
Insyde Insydeh2o 05.52.45
NA
CVE-2023-22615
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite p...
Insyde Insydeh2o 05.37.03
Insyde Insydeh2o 05.45.01
Insyde Insydeh2o 05.53.01
NA
CVE-2023-30633
An issue exists in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration t...
Insyde Insydeh2o 5.2
Insyde Insydeh2o
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »