CVE-2022-35893

HIGH Year: 2022
CVSS v3 Score
8.2
High
Weakness Type
CWE-20
View all →

Vulnerability Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Related Vulnerabilities

CVE-2012-1168

HIGH
CVSS:8.2(High)

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CWE-202012

CVE-2016-1182

HIGH
CVSS:8.2(High)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a ...

CWE-202016

CVE-2016-1441

HIGH
CVSS:8.2(High)

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...

CWE-202016

CVE-2017-1000368

HIGH
CVSS:8.2(High)

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CWE-202017

CVE-2017-3752

HIGH
CVSS:8.2(High)

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

CWE-202017