Lucene search
+L

94 matches found

nessus
nessus
added 2024/11/14 12:0 a.m.13 views

Fedora 37 : python-joblib (2022-c83ce1c000)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c83ce1c000 advisory. Security fix for CVE-2022-21797 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

9.8CVSS7.1AI score0.01975EPSS
Exploits1References2
ibm
ibm
added 2024/08/21 4:44 p.m.58 views

Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997

Summary Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997 Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated attacker to execute arbitrary code on the...

7.5CVSS7.6AI score0.00664EPSS
Exploits1Affected Software1
ibm
ibm
added 2024/08/05 9:46 p.m.21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to joblib arbitrary code execution vulnerability [ CVE-2024-34997]

Summary Potential joblib arbitrary code execution vulnerability CVE-2024-34997 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34997...

7.5CVSS7.8AI score0.00664EPSS
Exploits1Affected Software1
ibm
ibm
added 2024/07/31 7:43 a.m.27 views

Security Bulletin: IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997

Summary IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a...

7.5CVSS7.6AI score0.00664EPSS
Exploits1Affected Software1
veracode
veracode
added 2024/05/22 6:12 a.m.26 views

Deserialization Of Untrusted Data

joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the readarray function within numpypickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted pickle...

7.6AI score0.00664EPSS
Exploits1References4Affected Software1
susecve
susecve
added 2024/05/21 2:0 a.m.3 views

SUSE CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS7.4AI score0.00664EPSS
Exploits1References3
redhatcve
redhatcve
added 2024/05/20 6:46 p.m.23 views

CVE-2024-34997

A flaw was found in python-joblib. A deserialization vulnerability via the joblib.numpypickle::NumpyArrayWrapper.readarray component uses the insecure pickle python library when used with untrusted inputs...

8.1CVSS6.5AI score0.00664EPSS
Exploits1References4
pypa
pypa
added 2024/05/17 7:15 p.m.14 views

PYSEC-2024-277

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.5AI score0.00664EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2024/05/17 7:15 p.m.22 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.9AI score0.00664EPSS
Exploits1References2
alpinelinux
alpinelinux
added 2024/05/17 7:15 p.m.6 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS7.4AI score0.00664EPSS
Exploits1References2
osv
osv
added 2024/05/17 7:15 p.m.3 views

DEBIAN-CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.2AI score0.00664EPSS
Exploits1References1
osv
osv
added 2024/05/17 7:15 p.m.12 views

PYSEC-2024-277

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.5AI score0.00664EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2024/05/17 7:15 p.m.29 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.6AI score0.00664EPSS
Exploits1References2
osv
osv
added 2024/05/17 7:15 p.m.4 views

UBUNTU-CVE-2024-34997

DISPUTED joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS5.8AI score0.00664EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/05/17 12:0 a.m.5 views

joblib 安全漏洞

joblib is a set of tools open-sourced by joblib to provide lightweight pipelining in Python. A security vulnerability exists in joblib v1.4.2, which stems from the presence of a deserialization vulnerability...

7.5CVSS5.9AI score0.00664EPSS
Exploits1References3
cvelist
cvelist
added 2024/05/17 12:0 a.m.38 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

6.8AI score0.00664EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/05/17 12:0 a.m.27 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.2AI score0.00664EPSS
Exploits1References2
cve
cve
added 2024/05/17 12:0 a.m.102 views

CVE-2024-34997

CVE-2024-34997 affects joblib v1.4.2, with a deserialization vulnerability in the joblib.numpy_pickle::NumpyArrayWrapper().read_array(). The supplier disputes the issue, noting NumpyArrayWrapper is used only for caching trusted content. Affected/linked advisories cite an unsafe pickle-based deser...

7.5CVSS6.8AI score0.00664EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2024/05/17 12:0 a.m.12 views

PT-2024-26286

Name of the Vulnerable Software and Affected Versions joblib version 1.4.2 Description A deserialization issue was found in the joblib.numpy pickle::NumpyArrayWrapper.read array component. This issue is disputed by the supplier, who claims that NumpyArrayWrapper is only used during caching of...

7.5CVSS6.3AI score0.00664EPSS
Exploits1References17
osv
osv
added 2024/05/17 12:0 a.m.19 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS7.5AI score0.00664EPSS
Exploits1References4
Rows per page
Query Builder