VYPR

H2OFFT

by Insyde

CVEs (2)

  • CVE-2019-12532HigAug 26, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version…

  • CVE-2021-33834HigSep 8, 2023
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.