Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-01	CVE-2020-15676	Cross-site Scripting vulnerability in multiple products Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. network low complexity mozilla debian opensuse CWE-79	6.1
2020-09-25	CVE-2020-15211	In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. network high complexity google opensuse	4.8
2020-09-25	CVE-2020-15210	Out-of-bounds Write vulnerability in multiple products In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. network high complexity google opensuse CWE-787	6.5
2020-09-25	CVE-2020-15209	In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. network high complexity google opensuse	5.9
2020-09-25	CVE-2020-15204	In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. network low complexity google opensuse	5.3
2020-09-25	CVE-2020-15194	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. network low complexity google opensuse	5.3
2020-09-25	CVE-2020-15192	Improper Input Validation vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. network low complexity google opensuse CWE-20	4.3
2020-09-25	CVE-2020-15191	Unchecked Return Value vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. network low complexity google opensuse CWE-252	5.3
2020-09-25	CVE-2020-15190	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. network low complexity google opensuse	5.3
2020-09-25	CVE-2019-11556	Cross-site Scripting vulnerability in multiple products Pagure before 5.6 allows XSS via the templates/blame.html blame view. network low complexity redhat opensuse CWE-79	6.1