Lucene search
K

19 matches found

Nuclei
Nuclei
added yesterday24 views

PyArrow Flight RPC - Remote Code Execution

PyArrow Flight RPC from v0.14.0 through v14.0.0 allows remote attackers to execute arbitrary code via a maliciously crafted Python-defined extension type. id: CVE-2023-47248 info: name: PyArrow Flight RPC - Remote Code Execution author: smolse severity: critical description: | PyArrow Flight RPC...

9.8CVSS7AI score0.14414EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 6:8 p.m.10 views

Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)

Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...

9.8CVSS7.1AI score0.14414EPSS
Exploits0Affected Software1
Circl
Circl
added 2025/03/05 9:1 p.m.535 views

CVE-2023-47248

creationtimestamp| type| source ---|---|--- 2025-03-05 21:01:59+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ljnutmfxed2z 2025-03-27 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-27 2025-05-26 00:00:00+00:00| exploited| The...

9.8CVSS6.8AI score0.14414EPSS
In wildExploits0References4
RedhatCVE
RedhatCVE
added 2025/02/14 12:42 p.m.8 views

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

9.8CVSS7.2AI score0.14414EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 6:52 p.m.22 views

Security Bulletin: Vulnerability in PyArrow Affects IBM watsonx.data

Summary PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system. This can affect IBM watsonx.data Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

9.8CVSS9.6AI score0.14414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:15 p.m.54 views

Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...

9.8CVSS9.5AI score0.14414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 8:24 p.m.36 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to PyArrow arbitrary code execution vulnerability ( CVE-2023-47248)

Summary Potential PyArrow arbitrary code execution vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow...

9.8CVSS9.7AI score0.14414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:59 p.m.62 views

Security Bulletin: Vulnerability in PyArrow affects IBM Process Mining CVE-2023-47248

Summary There is a vulnerability in PyArrow that could allow an attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION:...

9.8CVSS9.7AI score0.14414EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/11/29 12:0 a.m.19 views

Fedora: Security Advisory for python-geopandas (FEDORA-2023-8857bdcd95)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.14414EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/11/29 12:0 a.m.19 views

Fedora: Security Advisory (FEDORA-2023-1c5e667fd0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.14414EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/11/28 12:0 a.m.19 views

Fedora 38 : python-geopandas (2023-c907492c3e)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c907492c3e advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

9.8CVSS7.3AI score0.14414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/28 12:0 a.m.21 views

Fedora 39 : python-geopandas (2023-1c5e667fd0)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c5e667fd0 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

9.8CVSS7.3AI score0.14414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/28 12:0 a.m.25 views

Fedora 37 : python-geopandas (2023-8857bdcd95)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8857bdcd95 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

9.8CVSS7.3AI score0.14414EPSS
Exploits0References2
OSV
OSV
added 2023/11/17 9:47 p.m.32 views

GHSA-X563-6HQV-26MR Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file

Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...

9.4AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/17 9:47 p.m.33 views

Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file

Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...

9.8CVSS9.6AI score0.14414EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2023/11/09 9:30 a.m.4 views

a2ml (>=0.3.1 <=0.5.3), abi-ds-utils (=1.2.4) +756 more potentially affected by CVE-2023-47248 via pyarrow (>=0.14.0 <=14.0.0)

pyarrow PYPI version =0.14.0, =0.3.1, =2.0.4, =0.0.1a1, =0.1.0, =0.1.0, =0.1.7, =0.0.2, =80.4.6, =80.8.5 - alectio-sdk =0.6.8 and more Source cves: CVE-2023-47248 Source advisory: OSV:GHSA-5WVP-7F3H-6WMM...

9.8CVSS6.8AI score0.14414EPSS
Exploits0
OSV
OSV
added 2023/11/09 8:17 a.m.29 views

CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

9.8CVSS7.1AI score0.14414EPSS
Exploits0References10
Cvelist
Cvelist
added 2023/11/09 8:17 a.m.25 views

CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

9.8AI score0.14414EPSS
Exploits0References6
CVE
CVE
added 2023/11/09 8:17 a.m.169 views

CVE-2023-47248

CVE-2023-47248 affects PyArrow IPC/Parquet readers (versions 0.14.0–14.0.0); unsafe deserialization allows arbitrary code execution when processing untrusted Arrow IPC/Feather/Parquet data. The NVD entry and multiple vendor advisories (IBM, CIRCL, Nuclei template) confirm remote code execution vi...

9.8CVSS9.6AI score0.14414EPSS
In wildExploits0References6Affected Software1
Rows per page
Query Builder