Vulnerabilities > Opensuse > Leap > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15209 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
network
high complexity
google opensuse
5.9
5.9
2020-09-25 CVE-2020-15204 In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state.
network
low complexity
google opensuse
5.3
5.3
2020-09-25 CVE-2020-15194 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments.
network
low complexity
google opensuse
5.3
5.3
2020-09-25 CVE-2020-15192 Improper Input Validation vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure.
network
low complexity
google opensuse CWE-20
4.3
4.3
2020-09-25 CVE-2020-15191 Unchecked Return Value vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition.
network
low complexity
google opensuse CWE-252
5.3
5.3
2020-09-25 CVE-2020-15190 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors.
network
low complexity
google opensuse
5.3
5.3
2020-09-25 CVE-2019-11556 Cross-site Scripting vulnerability in multiple products
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
network
low complexity
redhat opensuse CWE-79
6.1
6.1
2020-09-24 CVE-2020-26088 Incorrect Default Permissions vulnerability in multiple products
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
local
low complexity
linux debian opensuse canonical CWE-276
5.5
5.5
2020-09-23 CVE-2020-25604 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject debian opensuse CWE-362
4.7
4.7
2020-09-23 CVE-2020-25602 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-755
6.0
6.0