Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-25 | CVE-2020-15198 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | 5.4 |
| 2020-09-25 | CVE-2020-15197 | Unspecified vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | 6.3 |
| 2020-09-25 | CVE-2020-15194 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. | 5.3 |
| 2020-09-25 | CVE-2020-15192 | Improper Input Validation vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. | 4.3 |
| 2020-09-25 | CVE-2020-15191 | Unchecked Return Value vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. | 5.3 |
| 2020-09-25 | CVE-2020-15190 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. | 5.3 |
| 2020-09-21 | CVE-2020-6571 | Improper Input Validation vulnerability in multiple products Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2020-09-21 | CVE-2020-6570 | Information Exposure vulnerability in multiple products Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | 4.3 |
| 2020-09-21 | CVE-2020-6569 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 6.3 |
| 2020-09-21 | CVE-2020-6568 | Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |