Vulnerabilities > Opensuse > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |
2020-09-25 | CVE-2020-15206 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. | 7.5 |
2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. | 7.5 |
2020-09-25 | CVE-2020-15195 | Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. | 8.8 |
2020-09-25 | CVE-2020-15193 | Use of Uninitialized Resource vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. | 7.1 |
2020-09-23 | CVE-2020-25603 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-23 | CVE-2020-25599 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.0 |
2020-09-23 | CVE-2020-25595 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-21 | CVE-2020-6559 | Use After Free vulnerability in multiple products Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-09-21 | CVE-2020-6576 | Use After Free vulnerability in multiple products Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |