Insyde CVE - OpenCVE

Filtered by vendor Insyde Subscribe

Total 104 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-5955	2 Insyde, Intel	21 Insydeh2o Uefi Bios, Cannon Lake, Coffee Lake and 18 more	2024-11-21	7.5 HIGH	9.8 CRITICAL
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
CVE-2020-5953	2 Insyde, Siemens	33 Insydeh2o, Ruggedcom Ape1808, Ruggedcom Ape1808 Firmware and 30 more	2024-11-21	6.9 MEDIUM	7.5 HIGH
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
CVE-2020-27339	2 Insyde, Siemens	33 Insydeh2o, Ruggedcom Apr1808, Ruggedcom Apr1808 Firmware and 30 more	2024-11-21	7.2 HIGH	6.7 MEDIUM
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
CVE-2019-12532	1 Insyde	6 H2oelv, H2offt, H2ooae and 3 more	2024-11-21	4.6 MEDIUM	7.8 HIGH
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.

Vulnerabilities (CVE)