525 matches found
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing._private.utils or other modules that can be leveraged for...
GHSA-FJ43-3QMQ-673F Picklescan failed to detect to some unsafe global function in Numpy library
Summary: An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by importing some built-in function in the NumPy library that indirectly calls some dangerou...
PT-2025-15902 · Pypi · Picklescan
Summary: An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by importing some built-in function in the NumPy library that indirectly calls some dangerou...
CVE-2024-11039
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
OESA-2025-1297 python-asteval security update
ASTEVAL provides a numpy-aware, safeish 'eval' function. Emphasis is on mathematical expressions, and so numpy ufuncs are used if available. Symbols are held in the Interpreter symbol table 'symtable': a simple dictionary supporting a simple, flat namespace. Expressions can be compiled into ast no...
CVE-2024-11039
CVE-2024-11039 affects binary-husky/gpt_academic
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities
An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the Python process. Versions 1.06 and below are affected. CVE pending. Sandboxing Python is...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape
An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the Python process. Versions 1.06 and below are affected. CVE pending. Sandboxing Python is...
Linux Distros Unpatched Vulnerability : CVE-2021-41495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Null Pointer Dereference vulnerability exists in numpy.sort in NumPy and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allo...
Linux Distros Unpatched Vulnerability : CVE-2021-33430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions over 32 from...
Linux Distros Unpatched Vulnerability : CVE-2021-34141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specif...
Linux Distros Unpatched Vulnerability : CVE-2021-41496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully...
Linux Distros Unpatched Vulnerability : CVE-2017-12852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allo...
Linux Distros Unpatched Vulnerability : CVE-2014-1858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. CVE-2014-1858 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2019-6446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted...
openSUSE Security Advisory (SUSE-SU-2025:0424-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3-numpy (SUSE-SU-2025:0424-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0424-1 advisory. - CVE-2021-41495: missing return value validation can lead to null pointer dereference. (bsc#1193911) Other...