Vulnerabilities > Opensuse > Leap > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-30 | CVE-2020-14374 | Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. | 8.8 |
2020-09-27 | CVE-2020-26117 | Improper Certificate Validation vulnerability in multiple products In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. | 8.1 |
2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |
2020-09-25 | CVE-2020-15208 | Out-of-bounds Write vulnerability in multiple products In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. | 7.5 |
2020-09-25 | CVE-2020-15205 | Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. | 7.5 |
2020-09-23 | CVE-2020-25603 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-23 | CVE-2020-25599 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.0 |
2020-09-23 | CVE-2020-25595 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-21 | CVE-2020-6559 | Use After Free vulnerability in multiple products Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-09-21 | CVE-2020-6576 | Use After Free vulnerability in multiple products Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |