CVE-2019-6446

Published: 16/01/2019 Updated: 11/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in NumPy 1.16.0 and previous versions. It uses the pickle Python module unsafely, which allows remote malicious users to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
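A pre-load check for the behavior described above, as an added example that is not NumPy's code or part of the advisory: it reads only the NPY header with the standard library and reports whether the file declares an object dtype, the case in which numpy.load has to unpickle the payload. The function names, the header size cap and the header-only sample files are constructed for this illustration.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"
MAX_HEADER = 10_000  # size cap chosen for this example

def _has_object(descr):
    """True if a dtype description contains an object ('O') field."""
    if isinstance(descr, str):            # simple dtype, e.g. '<f8' or '|O'
        return descr.lstrip("|<>=").startswith("O")
    if isinstance(descr, list):           # structured dtype: [(name, type, ...), ...]
        if not all(isinstance(f, tuple) and len(f) >= 2 for f in descr):
            raise ValueError("malformed structured descr")
        return any(_has_object(f[1]) for f in descr)
    raise ValueError("unexpected descr type")

def npy_requires_pickle(data):
    """Parse only the NPY header; True if the payload is a pickled object array."""
    if len(data) < 12 or data[:6] != MAGIC:
        raise ValueError("not an NPY file")
    major = data[6]
    if major == 1:                        # v1.0: 2-byte little-endian header length
        (hlen,), start = struct.unpack_from("<H", data, 8), 10
    elif major in (2, 3):                 # v2.0/v3.0: 4-byte header length
        (hlen,), start = struct.unpack_from("<I", data, 8), 12
    else:
        raise ValueError("unknown NPY version")
    raw = data[start:start + hlen]
    if hlen > MAX_HEADER or len(raw) != hlen:
        raise ValueError("oversized or truncated header")
    try:
        # literal_eval accepts Python literals only, so nothing is executed
        header = ast.literal_eval(raw.decode("utf-8" if major == 3 else "latin1"))
    except (SyntaxError, UnicodeDecodeError) as exc:
        raise ValueError("unparseable header") from exc
    if not isinstance(header, dict) or "descr" not in header:
        raise ValueError("header has no descr")
    return _has_object(header["descr"])

def build_sample(descr):
    """Constructed header-only NPY v1.0 sample (no array payload)."""
    text = repr({"descr": descr, "fortran_order": False, "shape": (2,)})
    body = text.encode("latin1") + b"\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(body)) + body

if __name__ == "__main__":
    for d in ("<f8", "|O", [("id", "<i4"), ("meta", "|O")]):
        print(d, "->", npy_requires_pickle(build_sample(d)))
```

Input that is not an NPY file raises ValueError here, which matters because numpy.load with allow_pickle=True also tries to unpickle files it does not recognize. The check complements passing allow_pickle=False to numpy.load for untrusted files; it does not replace it.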

Vulnerable Product

numpy numpy

fedoraproject fedora 30

Vendor Advisories

Synopsis: Moderate: python27:27 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the python27:27 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Sco ...
Synopsis: Moderate: numpy security update. Type/Severity: Security Advisory: Moderate. Topic: An update for numpy is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call ...

Github Repositories

AISecMatrix Project

AISecMatrix. Abstract. Environment Access: 2.1 Dependent Software Attack; 2.2 Malicious Access to Docker; 2.3 Hardware Backdoor Attack; 2.4 Supply Chains Attack. Data Collection: 3.1 Data Poisoning; 3.2 Data Backdoor Attack. Model Training: 4.1 Data Recovery in Gradient; 4.2 Initial Weight Modification; 4.3 Code Attack; 4.4 Training Backdoor Attack; 4.5 Non-centralized Scenario

Numpy deserialization command execution

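CVE-2019-6446 NumPy deserialization command execution. NumPy is a powerful Python library used mainly for performing computations on multidimensional arrays. Experts who analyzed it say that versions less than or equal to 1.16.0 contain this vulnerability; the suggested fix is to remove the allow_pickle parameter of the load function in lib/npyio.py, or to change its value to False, which avoids the deserialization problem; when testing version 1.16.3 (Mac/Windows), the load function had removed allo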

A Rock Paper Scissors game made with python

Online Game: RockPaperScissors. An online Client-Server Rock Paper Scissors game made with Python. This is a simple project where I made an online game of the famous RockPaperScissors game. The game server will be running for 1 month, then I will shut it down due to the hosting cost that I won't be able to afford. How To Play? Simple, you download, you will get connected to a