Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
google asylo vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2021-22548
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6...
Google Asylo
4.6
CVSSv2
CVE-2021-22549
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Google Asylo
4.6
CVSSv2
CVE-2021-22550
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c
Google Asylo
2.1
CVSSv2
CVE-2021-22552
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted malicious user to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the malicious user to read memory from within the secure enclav...
Google Asylo
2.1
CVSSv2
CVE-2020-8938
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an malicious user to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an malicious user to write memory values from within the enclave. We ...
Google Asylo
5.5
CVSSv2
CVE-2020-8904
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions before 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location ...
Google Asylo
4
CVSSv2
CVE-2020-8905
A buffer length validation vulnerability in Asylo versions before 0.6.0 allows an malicious user to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied in...
Google Asylo
4.6
CVSSv2
CVE-2020-8935
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an malicious user to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.
Google Asylo
2.1
CVSSv2
CVE-2020-8936
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an malicious user to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enc...
Google Asylo
2.1
CVSSv2
CVE-2020-8937
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an malicious user to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allo...
Google Asylo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »