High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-25	CVE-2020-15203	Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. network low complexity google opensuse CWE-134	7.5
2020-09-25	CVE-2020-15195	Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. network low complexity google opensuse CWE-787	8.8
2020-09-25	CVE-2020-15193	Use of Uninitialized Resource vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. network low complexity google opensuse CWE-908	7.1
2020-09-23	CVE-2020-25603	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject opensuse debian CWE-670	7.8
2020-09-23	CVE-2020-25599	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local high complexity xen fedoraproject opensuse debian CWE-362	7.0
2020-09-23	CVE-2020-25595	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-269	7.8
2020-09-21	CVE-2020-6559	Use After Free vulnerability in multiple products Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-416	8.8
2020-09-21	CVE-2020-6576	Use After Free vulnerability in multiple products Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-416	8.8
2020-09-21	CVE-2020-6575	Race Condition vulnerability in multiple products Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. network high complexity google debian opensuse fedoraproject CWE-362	8.3
2020-09-21	CVE-2020-6574	Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. local low complexity google opensuse debian fedoraproject	7.8