Lucene search
K

7 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-14534

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS0.00328EPSS
Exploits0References4
CVE
CVE
added 5 days ago21 views

CVE-2026-14534

The CVE-2026-14534 issue affects the Python package fickling, up to version 0.1.10. The root cause is that the UNSAFE_IMPORTS denylist omits three standard library modules — _posixsubprocess, site, and atexit — causing check_safety() to return LIKELY_SAFE and allowing pickle payloads to deseriali...

8.8CVSS5.8AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41675

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS5.8AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-55704

Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...

8.8CVSS6.2AI score0.00328EPSS
Exploits0References12
OSV
OSV
added 2024/11/14 3:45 p.m.4 views

GHSA-RP9H-RF7G-HWGR s2n-tls has undefined behavior at process exit

Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...

6.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/14 3:45 p.m.13 views

s2n-tls has undefined behavior at process exit

Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...

6.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder