24 matches found
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scanner.py deserialization scanning logic. An attacker can achieve remote code execution by crafting ...
GHSA-6556-FWC2-FG2P Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Summary: Picklescan uses the numpy.f2py.crackfortran._eval_length function, a NumPy F2PY helper, to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran._eval_length in __reduce__, allowing arbitrary command...
EUVD-2025-205782
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef...
GHSA-RRXM-2PVV-M66X Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
Summary: Picklescan uses the numpy.f2py.crackfortran.getlincoef function, a NumPy F2PY helper, to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in __reduce__, allowing arbitrary command...
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Summary: Picklescan uses numpy.f2py.crackfortran.param_eval, which is a function in numpy, to execute remote pickle files. Details: The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.param_eval function via the __reduce__ method....
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via using the numpy.f2py.crackfortran.param_eval function. An attacker can execute arbitrary code by crafting ...
EUVD-2025-205659
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval...
GHSA-3329-GHMP-JMV5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
Summary: Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy, to execute remote pickle files. Details: The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its __reduce__ method -...
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to using the numpy.f2py.crackfortran.myeval function, which executes a remote pickle file. An attacker ca...
GHSA-R8G5-CGF2-4M4M Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Summary: An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details: The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Summary: An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details: The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...
EUVD-2025-205587
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef...
GHSA-CW6W-4RCX-XPHC Arbitrary file write in NumPy
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
[SECURITY] Fedora 30 Update: numpy-1.16.3-1.fc30
NumPy is a general-purpose array-processing package designed to efficiently manipulate large multi-dimensional arrays of arbitrary records without sacrificing too much speed for small multi-dimensional arrays. NumPy is built on the Numeric code base and adds features introduced by numarray as wel...
CVE-2014-1858
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
UBUNTU-CVE-2014-1858
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
PYSEC-2018-33
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-1858
CVE-2014-1858 affects NumPy’s f2py (__init__.py) prior to 1.8.1. It allows local users to write to arbitrary files via a symlink attack on a temporary file, potentially enabling file overwrite on the system. This is documented in the CVE record and corroborated by multiple advisories and a GHSA entr...
CVE-2014-1858
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-1858
Removed by vendor...