2017-08-15 | CVE-2017-12852 | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray causes an infinite loop, which can allow attackers to cause a DoS attack. | Numpy | 7.5
2019-01-16 | CVE-2019-6446 | ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources. | Fedora, Numpy | 9.8
2018-01-08 | CVE-2014-1859 | (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | Fedora, Numpy, Enterprise_linux | 5.5
2018-01-08 | CVE-2014-1858 | __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | Numpy | 5.5