Lucene search
K

5 matches found

NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS0.00757EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.15 views

CVE-2026-56315

CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 8:5 p.m.6 views

PickleScan has multiple stdlib modules with direct RCE not in blocklist

Summary picklescan v1.0.3 latest does not block at least 7 Python standard library modules that provide direct arbitrary command execution or code evaluation. A malicious pickle file importing these modules is reported as having 0 issues CLEAN scan. This enables remote code execution that bypasse...

6.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/20 6:24 p.m.11 views

Fickling has a detection bypass via stdlib network-protocol constructors

Our assessment imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade. The UnusedVariables heuristic works as expected. Original report Summary Fickling's checksafety...

5.8AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/11/14 12:0 a.m.40 views

Amazon Linux AMI : python26 (ALAS-2013-241)

It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. CVE-2013-1752...

6.8CVSS7.5AI score0.05741EPSS
Exploits5References3
Rows per page
Query Builder