Total
7242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9108 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | |||||
| CVE-2020-9107 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | |||||
| CVE-2020-9096 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service. | |||||
| CVE-2020-9094 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | |||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
| CVE-2020-9087 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. | |||||
| CVE-2020-9071 | 1 Huawei | 34 Ar120-s, Ar120-s Firmware, Ar1200 and 31 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00 | |||||
| CVE-2020-8943 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f | |||||
| CVE-2020-8942 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200 | |||||
| CVE-2020-8941 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec | |||||
| CVE-2020-8940 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131e | |||||
| CVE-2020-8939 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4 | |||||
| CVE-2020-8936 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave. | |||||
| CVE-2020-8883 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. | |||||
| CVE-2020-8880 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. | |||||
| CVE-2020-8879 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | |||||
| CVE-2020-8877 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. | |||||
| CVE-2020-8876 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029. | |||||
| CVE-2020-8872 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428. | |||||
| CVE-2020-8870 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files from the GetTIFPalette method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9931. | |||||