525 matches found
UBUNTU-CVE-2019-6446
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2019-108
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2019-38
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
abcpy (>=0.5.0 <=0.5.2), abtests (>=0.0.1 <=0.0.2.1) +583 more potentially affected by CVE-2019-6446 via numpy (>=1.10.0 <=1.16.0)
numpy PYPI version =1.10.0, =0.5.0, =0.0.1, =0.0.1, =0.1.0, =0.6.0, =2.0.0, =0.0.2, =0.1.0, =0.0.13, =1.1.0rc6, =2.0.0, =2.1.1 and more Source cves: CVE-2019-6446 Source advisory: OSV:PYSEC-2019-108...
PYSEC-2019-108
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
CVE-2019-6446
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...
CVE-2019-6446
Removed by vendor...
CVE-2019-6446
CVE-2019-6446 affects NumPy (pre-1.16.3) where the pickle module is used unsafely via numpy.load, allowing remote code execution with a crafted serialized object. The issue is noted as disputed by third parties who argue the behavior can be legitimate in loading trusted Python object arrays. Mult...
CVE-2019-6446
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...
PT-2019-1615 · Numpy +6 · Numpy +6
Name of the Vulnerable Software and Affected Versions: NumPy versions 1.16.0 and earlier Description: An issue was discovered in NumPy where it uses the pickle Python module unsafely. This allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a...
AZL-41294 CVE-2018-1999024 affecting package numpy for versions less than 1.26.3-4
MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...
CVE-2014-1859
1 core/tests/testmemmap.py, 2 core/tests/testmultiarray.py, 3 f2py/f2py2e.py, and 4 lib/tests/testio.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...
Arbitrary file deletion
1 core/tests/testmemmap.py, 2 core/tests/testmultiarray.py, 3 f2py/f2py2e.py, and 4 lib/tests/testio.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...
Design/Logic Flaw
init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-1858
init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-1859
1 core/tests/testmemmap.py, 2 core/tests/testmultiarray.py, 3 f2py/f2py2e.py, and 4 lib/tests/testio.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...
PYSEC-2018-33
init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-1858
init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...
PYSEC-2018-34
1 core/tests/testmemmap.py, 2 core/tests/testmultiarray.py, 3 f2py/f2py2e.py, and 4 lib/tests/testio.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...
UBUNTU-CVE-2014-1858
init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...