CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15195 – Heap buffer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2020-15195
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. En Tensorflow versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, la implementación de "SparseFillEmptyRowsGrad" usa un patrón de indexación doble. Es posible que "reverse_index_map (i)" sea un índice fuera de los límites de "grad_values", lo que resulta en un desbordamiento del búfer de la pila. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54 https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15190 – Segfault in Tensorflow
https://notcve.org/view.php?id=CVE-2020-15190
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11556
https://notcve.org/view.php?id=CVE-2019-11556
Pagure before 5.6 allows XSS via the templates/blame.html blame view. Pagure versiones anteriores a 5.6, permite ataques de tipo XSS por medio de la vista dblame en el archivo templates/blame.html • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html https://docs.pagure.org/pagure/changelog.html https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618 https://pagure.io/pagure/commits/master • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15676 – Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
https://notcve.org/view.php?id=CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Firefox a veces ejecutaba el manejador de carga para elementos SVG que el saneador DOM decidió eliminar, resultando en que el JavaScript sea ejecutado después de pegar los datos controlados por el atacante en un elemento satisfactorio. Esta vulnerabilidad afecta a Firefox versiones anteriores a 81, Thunderbird versiones anteriores a 78.3, y Firefox ESR versiones anteriores a 78.3 The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/show_bug.cgi?id=1646140 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https://www.mozil • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15678 – Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
https://notcve.org/view.php?id=CVE-2020-15678
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Al volver a recorrer las capas gráficas mientras se desplaza, es posible que un iterador pueda convertirse en no válido, resultando en un potencial uso de la memoria previamente liberada. Esto ocurre porque la función APZCTreeManager::ComputeClippedCompositionBounds no siguió las reglas de invalidación del iterador. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/show_bug.cgi?id=1660211 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https://www.mozil • CWE-416: Use After Free •