|
2017-08-15
|
CVE-2017-12852
|
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
|
Numpy
|
7.5
|
|
|
|
2019-01-16
|
CVE-2019-6446
|
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
|
Fedora, Numpy
|
9.8
|
|
|
|
2018-01-08
|
CVE-2014-1859
|
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
|
Fedora, Numpy, Enterprise_linux
|
5.5
|
|
|
|
2018-01-08
|
CVE-2014-1858
|
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
Numpy
|
5.5
|
|
|