Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
leap vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-15208
In tensorflow-lite prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious a...
Google Tensorflow
Opensuse Leap 15.2
5
CVSSv2
CVE-2020-15191
In Tensorflow prior to 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked....
Google Tensorflow 2.2.0
Google Tensorflow 2.3.0
Opensuse Leap 15.2
4.3
CVSSv2
CVE-2019-11556
Pagure prior to 5.6 allows XSS via the templates/blame.html blame view.
Redhat Pagure
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
2.1
CVSSv2
CVE-2020-26088
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel prior to 5.8.2 could be used by local malicious users to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
Linux Linux Kernel
Debian Debian Linux 9.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
2.1
CVSSv2
CVE-2020-25596
An issue exists in Xen up to and including 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly deli...
Xen Xen
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
Opensuse Leap 15.2
4.4
CVSSv2
CVE-2020-25599
An issue exists in Xen up to and including 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead t...
Xen Xen
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.2
Debian Debian Linux 10.0
4.9
CVSSv2
CVE-2020-25600
An issue exists in Xen up to and including 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ...
Xen Xen
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.2
Debian Debian Linux 10.0
1 Github repository
4.9
CVSSv2
CVE-2020-25601
An issue exists in Xen up to and including 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all eve...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.2
4.6
CVSSv2
CVE-2020-25602
An issue exists in Xen up to and including 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest...
Xen Xen
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
Opensuse Leap 15.2
4.6
CVSSv2
CVE-2020-25603
An issue exists in Xen up to and including 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate mem...
Xen Xen
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.2
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »