|
210631
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-15266
|
2024-11-21 14:05 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210632
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens…
|
-
|
CVE-2020-15265
|
2024-11-21 14:05 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210633
|
7.2 |
HIGH
Network
|
openmage
|
magento
|
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through prod…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15244
|
2024-11-21 14:05 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210634
|
9.1 |
CRITICAL
Network
|
sparksolutions
|
spree
|
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround wit…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15269
|
2024-11-21 14:05 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210635
|
9.1 |
CRITICAL
Network
|
auth0
|
omniauth-auth0
|
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can al…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15240
|
2024-11-21 14:05 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210636
|
6.1 |
MEDIUM
Network
|
orchid
|
platform
|
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.…
|
-
|
CVE-2020-15263
|
2024-11-21 14:05 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210637
|
3.7 |
LOW
Network
|
webpack-subresource-integrity_project
|
webpack-subresource-integrity
|
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15262
|
2024-11-21 14:05 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210638
|
7.8 |
HIGH
Local
|
chocolatey
|
boxstarter
|
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged use…
|
-
|
CVE-2020-15264
|
2024-11-21 14:05 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210639
|
6.7 |
MEDIUM
Local
|
veyon
|
veyon
|
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables wit…
|
-
|
CVE-2020-15261
|
2024-11-21 14:05 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210640
|
9.8 |
CRITICAL
Network
|
object-path_project
|
object-path
|
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is u…
|
NVD-CWE-Other
|
CVE-2020-15256
|
2024-11-21 14:05 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
