31 matches found
EulerOS Virtualization for ARM 64 3.0.2.0 : numpy (EulerOS-SA-2020-1545)
According to the version of the numpy packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: DISPUTED: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remo...
Denial Of Service (DoS)
psdtools is vulnerable to denial of service (DoS). The vulnerability exists due to the improper handling of PSD input data during the decoding of RLE into PIL.Image, or the NumPy format...
numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...
Arbitrary Code Execution
numpy is vulnerable to arbitrary code execution. A use-after-free in arraytypes.c.src occurs when constructing an object array from a void array, which could potentially allow an attacker to execute arbitrary code...
Exploit for Deserialization of Untrusted Data in Numpy
CVE-2019-6446: NumPy deserialization command execution NumP...
CVE-2019-6446
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...
abcpy (>=0.5.0 <=0.5.2), abtests (>=0.0.1 <=0.0.2.1) +583 more potentially affected by CVE-2019-6446 via numpy (>=1.10.0 <=1.16.0)
numpy PYPI version =1.10.0, =0.5.0, =0.0.1, =0.0.1, =0.1.0, =0.6.0, =2.0.0, =0.0.2, =0.1.0, =0.0.13, =1.1.0rc6, =2.0.0, =2.1.1 and more Source cves: CVE-2019-6446 Source advisory: OSV:PYSEC-2019-108...
AZL-41294 CVE-2018-1999024 affecting package numpy for versions less than 1.26.3-4
MathJax prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode macro that can result in potentially untrusted JavaScript running within a web browser. This attack appears to be exploitable when the victim views a page where untrusted content is processe...
CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...
Design/Logic Flaw
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
UBUNTU-CVE-2014-1858
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...