How severe is CVE-2020-8872?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2020-8872?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2020-8872

MEDIUM Year: 2020

CVSS v3 Score

6.0

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-125

View all →

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428.

CVE-2016-5107

MEDIUM

CVSS:6.0(Medium)

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds rea...

CWE-1252016

CVE-2018-5683

MEDIUM

CVSS:6.0(Medium)

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CWE-1252018

CVE-2019-19927

MEDIUM

CVSS:6.0(Medium)

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read acc...

CWE-1252019

CVE-2020-11293

MEDIUM

CVSS:6.0(Medium)

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...

CWE-1252020

CVE-2020-2741

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily explo...

CWE-1252020

CVE-2020-2743

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily explo...

CWE-1252020

CVE-2020-8872

Vulnerability Description

Related Vulnerabilities

CVE-2016-5107

CVE-2018-5683

CVE-2019-19927

CVE-2020-11293

CVE-2020-2741

CVE-2020-2743