numpy vulnerabilities and exploits
5
CVSSv2
CVE-2017-12852
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray causes it to get stuck in an infinite loop, which can allow malicious users to cause a DoS attack.
Numpy Numpy
3.5
CVSSv2
CVE-2021-33430
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a v...
Numpy Numpy
2.1
CVSSv2
CVE-2021-41496
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows malicious users to conduct Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negati...
Numpy Numpy
2.1
CVSSv2
CVE-2014-1858
__init__.py in f2py in NumPy prior to 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
Numpy Numpy
3.5
CVSSv2
CVE-2021-41495
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows malicious users to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that valida...
Numpy Numpy
2.1
CVSSv2
CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy prior to 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
Numpy Numpy
Numpy Numpy 1.8.1
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 19
Fedoraproject Fedora 20
7.5
CVSSv2
CVE-2019-6446
An issue exists in NumPy 1.16.0 and previous versions. It uses the pickle Python module unsafely, which allows remote malicious users to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it...
Numpy Numpy
Fedoraproject Fedora 30
3 Github repositories
5
CVSSv2
CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy prior to 1.22.0 allows malicious users to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Numpy Numpy
Oracle Communications Cloud Native Core Policy 22.1.3
NA
CVE-2024-34072
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. Th...
NA
CVE-2022-41884
TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. T...
Google Tensorflow 2.10.0
Google Tensorflow