Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-25	CVE-2020-15206	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. network low complexity google opensuse	7.5
2020-09-25	CVE-2020-15205	Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. network low complexity google opensuse CWE-787 critical	9.8
2020-09-25	CVE-2020-15204	In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. network low complexity google opensuse	5.3
2020-09-25	CVE-2020-15203	Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. network low complexity google opensuse CWE-134	7.5
2020-09-25	CVE-2020-15202	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. network high complexity google opensuse critical	9.0
2020-09-25	CVE-2020-15195	Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. network low complexity google opensuse CWE-787	8.8
2020-09-25	CVE-2020-15194	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. network low complexity google opensuse	5.3
2020-09-25	CVE-2020-15193	Use of Uninitialized Resource vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. network low complexity google opensuse CWE-908	7.1
2020-09-25	CVE-2020-15192	Improper Input Validation vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. network low complexity google opensuse CWE-20	4.3
2020-09-25	CVE-2020-15191	Unchecked Return Value vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. network low complexity google opensuse CWE-252	5.3