Vulnerabilities > Insyde

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-01	CVE-2021-33626	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). local low complexity insyde siemens CWE-829	7.8
2021-06-16	CVE-2020-27339	Improper Input Validation vulnerability in multiple products In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. local low complexity insyde siemens CWE-20	6.7
2019-08-26	CVE-2019-12532	Unspecified vulnerability in Insyde products Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. local low complexity insyde	7.8

Vulnerabilities > Insyde {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Insyde"}]}