Insyde Software Security Advisories for InsydeH2O UEFI Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
|---|---|---|---|---|---|
| CVE-2024-1298 | 5.3 | [EDK2] FirmwarePerformancePei: Potential UINT32 overflow and subsequent divide by 0 | INSYDE-SA-2024006 | 09/10/2024 | 09/10/2024 |
| Multiple | 7.4 | SMM memory corruption vulnerability could lead to escalating privileges in SMM. (CWE-822) | INSYDE-SA-2024001 | 05/13/2024 | 05/13/2024 |
| CVE-2023-47252 | 4.7 | PnpSmm: Possible out of bounds in SMM communication buffer, leading to tampering. | INSYDE-SA-2023067 | 04/09/2024 | 04/09/2024 |
| CVE-2023-28149 | 6.1 | IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. | INSYDE-SA-2023040 | 03/12/2024 | 03/12/2024 |
| Multiple | 5.3~8.3 | VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation. | INSYDE-SA-2023066 | 01/16/2024 | 09/10/2024 |
| Multiple | 7 | VU#275256: Vulnerabilities in EDK2 Reference implementation of the UEFI Specification. | INSYDE-SA-2023031 | 01/09/2024 | 01/09/2024 |


Insyde Software Security Advisories for Supervyse BMC Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
|---|---|---|---|---|---|
| Multiple | Low | Upgrade OpenSSL to 3.2.1 | INSYDE-SA-2024009 | 09/10/2024 | 09/10/2024 |
| CVE-2024-26306 | TBD | Upgrade iperf3 to 3.17 | INSYDE-SA-2024005 | 08/19/2024 | 08/19/2024 |
| Multiple | N/A | Upgrade libexpat to 2.6.2 | INSYDE-SA-2024004 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.5~8.1 | Upgrade libcurl to 8.7.1 | INSYDE-SA-2024002 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.3~6.5 | Upgrade to curl version 8.5.0 | INSYDE-SA-2023068 | 03/12/2024 | 03/12/2024 |
| CVE-2023-38545 | 9.8 | curl: SOCKS5 heap buffer overflow. | INSYDE-SA-2023065 | 01/09/2024 | 01/09/2024 |