Vulnerabilities > Google > Asylo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-22552 | Out-of-bounds Read vulnerability in Google Asylo An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. | 5.5 |
| 2020-12-15 | CVE-2020-8944 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. | 5.5 |
| 2020-12-15 | CVE-2020-8943 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. | 5.5 |
| 2020-12-15 | CVE-2020-8942 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. | 5.5 |
| 2020-12-15 | CVE-2020-8941 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. | 5.5 |
| 2020-12-15 | CVE-2020-8940 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. | 5.5 |
| 2020-12-15 | CVE-2020-8939 | Out-of-bounds Read vulnerability in Google Asylo An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. | 5.5 |
| 2020-12-15 | CVE-2020-8936 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. | 5.5 |
| 2020-08-12 | CVE-2020-8905 | Classic Buffer Overflow vulnerability in Google Asylo A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. | 6.5 |