Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Numpy Security Vulnerabilities

cve
cve

CVE-2021-41496

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be...

5.5CVSS

5.6AI Score

0.0004EPSS

2021-12-17 08:15 PM
123
3
cve
cve

CVE-2021-41495

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

5.3CVSS

5.3AI Score

0.001EPSS

2021-12-17 08:15 PM
214
1
cve
cve

CVE-2021-33430

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In...

5.3CVSS

5.2AI Score

0.001EPSS

2021-12-17 07:15 PM
106
2
cve
cve

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely...

5.3CVSS

5.5AI Score

0.001EPSS

2021-12-17 07:15 PM
203
2
cve
cve

CVE-2019-6446

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might.....

9.8CVSS

9.3AI Score

0.034EPSS

2019-01-16 05:29 AM
713
cve
cve

CVE-2014-1858

init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary...

5.5CVSS

5.1AI Score

0.0004EPSS

2018-01-08 07:29 PM
46
cve
cve

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary...

5.5CVSS

5.2AI Score

0.0004EPSS

2018-01-08 07:29 PM
57
cve
cve

CVE-2017-12852

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS...

7.5CVSS

7.3AI Score

0.002EPSS

2017-08-15 04:29 PM
93
2