Opensuse Leap vulnerabilities

CVE-2020-15191 [MEDIUM] CWE-20 CVE-2020-15191: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dl In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null

CVE-2020-15194 [MEDIUM] CWE-20 CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` i In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass

CVE-2020-26088 [MEDIUM] CWE-276 CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5 A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

CVE-2020-25595 [HIGH] CWE-269 CVE-2020-25595: An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register dat An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that

CVE-2020-25599 [HIGH] CWE-119 CVE-2020-25599: An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVT An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x

CVE-2020-25603 [HIGH] CWE-670 CVE-2020-25603: An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allo An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-or

CVE-2020-25602 [MEDIUM] CWE-755 CVE-2020-25602: An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when hand An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR

CVE-2020-25598 [MEDIUM] CWE-670 CVE-2020-25598: An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource erro An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or mal

CVE-2020-25604 [MEDIUM] CWE-362 CVE-2020-25604: An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers betwe An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue

CVE-2020-25600 [MEDIUM] CWE-787 CVE-2020-25600: An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in

CVE-2020-25596 [MEDIUM] CWE-74 CVE-2020-25596: An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-priv

CVE-2020-25601 [MEDIUM] CVE-2020-25601: An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evt An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time.

CVE-2020-15961 [CRITICAL] CVE-2020-15961: Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an atta Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

CVE-2020-6573 [CRITICAL] CWE-416 CVE-2020-6573: Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-15963 [CRITICAL] CVE-2020-15963: Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an att Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

CVE-2020-6574 [HIGH] CVE-2020-6574: Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

CVE-2020-15962 [HIGH] CVE-2020-15962: Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote at Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

CVE-2020-6556 [HIGH] CWE-787 CVE-2020-6556: Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacke Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-15964 [HIGH] CWE-20 CVE-2020-15964: Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attac Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6576 [HIGH] CWE-416 CVE-2020-6576: Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.