
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-5235

Malware in sbrugna...

CVSS: 6 | AI score: 6.3 | EPSS: 0.01202
Exploits: 0 | References: 6

Tenable Nessus
added 2024/05/11 12:0 a.m. | 45 views

RHEL 7 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

AI score: 7.2 | EPSS: 0.71492
Exploits: 5 | References: 4

Tenable Nessus
added 2024/05/11 12:0 a.m. | 30 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

AI score: 8.6 | EPSS: 0.71492
Exploits: 3 | References: 2

Tenable Nessus
added 2023/11/07 12:0 a.m. | 29 views

Rocky Linux 8 : numpy (RLSA-2019:3704)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3704 advisory. - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary cod...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.71492
Exploits: 2 | References: 4

OSV
added 2022/05/17 5:3 a.m. | 28 views

GHSA-M923-W2GJ-V43G graphite-web is vulnerable to Remote Code Execution via renderLocalView function

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS: 9.5 | AI score: 7.1 | EPSS: 0.83612
Exploits: 5 | References: 9

GitHub Security Blog
added 2022/05/17 5:3 a.m. | 15 views

graphite-web is vulnerable to Remote Code Execution via renderLocalView function

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.83612
Exploits: 5 | References: 9 | Affected Software: 1

Tenable Nessus
added 2021/01/29 12:0 a.m. | 39 views

CentOS 8 : python27:2.7 (CESA-2019:3335)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3335 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) - python-urllib3...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.71492
Exploits: 6 | References: 7

Tenable Nessus
added 2020/07/01 12:0 a.m. | 27 views

EulerOS Virtualization 3.0.6.0 : numpy (EulerOS-SA-2020-1730)

According to the version of the numpy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attacker...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.71492
Exploits: 2 | References: 2

Veracode
added 2017/03/27 2:11 p.m. | 18 views

Remote Code Execution (RCE)

airflow is vulnerable to remote code execution (RCE). The package uses the pickle Python module unsafely, allowing remote attackers to execute code through a serialized object...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.00277
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2015/11/25 8:59 p.m. | 13 views

CVE-2015-5242

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...

CVSS: 6 | AI score: 7.2 | EPSS: 0.01202
Exploits: 0 | References: 4

NVD
added 2014/09/02 2:55 p.m. | 12 views

CVE-2014-5340

The wato component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.02964
Exploits: 0 | References: 4

UbuntuCve
added 2014/09/02 2:55 p.m. | 19 views

CVE-2014-0485

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01602
Exploits: 1 | References: 1

UbuntuCve
added 2013/09/27 10:8 a.m. | 14 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.01535
Exploits: 0 | References: 4

Cvelist
added 2013/09/27 10:0 a.m. | 13 views

CVE-2013-5093

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

AI score: 7.2 | EPSS: 0.83612
Exploits: 5 | References: 7

CVE
added 2013/09/27 10:0 a.m. | 113 views

CVE-2013-5093

Graphite Web (graphite-web) versions 0.9.5–0.9.10 are affected by an unsafe use of pickle in renderLocalView (render/views.py) that enables remote code execution via a crafted serialized object. Connected advisories corroborate a remote code execution vulnerability in graphite-web involving the p...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.83612
Exploits: 5 | References: 7 | Affected Software: 1

Prion
added 2011/07/21 11:55 p.m. | 38 views

Code injection

fwdbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object...

CVSS: 6 | AI score: 6.8 | EPSS: 0.00099
Exploits: 0 | References: 8 | Affected Software: 2

Cvelist
added 2011/07/21 11:0 p.m. | 19 views

CVE-2011-2520

fwdbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object...

AI score: 7.4 | EPSS: 0.00099
Exploits: 0 | References: 8