How severe is CVE-2020-15196?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2020-15196?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2020-15196

CRITICAL Year: 2020

CVSS v3 Score

9.9

Critical

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-119

View all →

Vulnerability Description

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

CVE-2012-1516

CRITICAL

CVSS:9.9(Critical)

The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process cra...

CWE-1192012

CVE-2017-4901

CRITICAL

CVSS:9.9(Critical)

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execut...

CWE-1192017

CVE-2018-3872

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process inc...

CWE-1192018

CVE-2018-3873

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de...

CWE-1192018

CVE-2018-3874

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de...

CWE-1192018

CVE-2018-3875

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incor...

CWE-1192018

CVE-2020-15196

Vulnerability Description

Related Vulnerabilities

CVE-2012-1516

CVE-2017-4901

CVE-2018-3872

CVE-2018-3873

CVE-2018-3874

CVE-2018-3875