Lucene search
Veracode Vulnerability DatabaseVERACODE:13251HistoryJan 17, 2019 - 8:24 a.m.
Arbitrary Code Execution
2019-01-1708:24:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.034 Low
EPSS
Percentile
91.5%
numpy is vulnerable to code execution. It loads pickle by default (np.load(allow_pickle=True)) and uses the module in an unsafe way such that it allows an attacker to execute arbitrary code via a malicious serialized object.
References
lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
www.securityfocus.com/bid/106670
bugzilla.suse.com/show_bug.cgi?id=1122208
github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb
github.com/numpy/numpy/issues/12759
lists.fedoraproject.org/archives/list/[email protected]/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
Related
nessus
nessus
Oracle Linux 8 : numpy (ELSA-2019-3704)
2023-09-07 00:00:00
SUSE SLED15 / SLES15 Security Update : python-numpy (SUSE-SU-2019:2462-2)
2019-10-21 00:00:00
EulerOS 2.0 SP5 : numpy (EulerOS-SA-2020-1315)
2020-03-23 00:00:00
osv
osv
Moderate: numpy security update
2019-11-05 20:53:10
Numpy Deserialization of Untrusted Data
2022-05-24 22:00:57
PYSEC-2019-108
2019-01-16 05:29:00
cve
cve
CVE-2019-6446
2019-01-16 05:29:01
suse
suse
Security update for python-numpy (important)
2019-02-26 00:00:00
Security update for python-numpy (moderate)
2019-10-01 00:00:00
Security update for python-numpy (moderate)
2019-10-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for python-numpy (openSUSE-SU-2019:0245-1)
2019-02-26 00:00:00
openSUSE: Security Advisory for python-numpy (openSUSE-SU-2019:2225-1)
2019-10-01 00:00:00
Huawei EulerOS: Security Advisory for numpy (EulerOS-SA-2020-1730)
2020-07-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Python NumPy Library Command Injection (CVE-2019-6446)
2019-05-27 00:00:00
debiancve
debiancve
CVE-2019-6446
2019-01-16 05:29:01
rocky
rocky
numpy security update
2019-11-05 20:53:10
python27:2.7 security and bug fix update
2019-11-05 17:32:12
prion
prion
Design/Logic Flaw
2019-01-16 05:29:00
github
github
Numpy Deserialization of Untrusted Data
2022-05-24 22:00:57
redhat
redhat
(RHSA-2019:3704) Moderate: numpy security update
2019-11-05 20:53:10
(RHSA-2019:3335) Moderate: python27:2.7 security and bug fix update
2019-11-05 17:32:12
nvd
nvd
CVE-2019-6446
2019-01-16 05:29:01
ubuntucve
ubuntucve
CVE-2019-6446
2019-01-16 00:00:00
oraclelinux
oraclelinux
numpy security update
2019-11-14 00:00:00
python27:2.7 security and bug fix update
2019-11-14 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: numpy-1.16.3-1.fc30
2019-04-27 21:36:44
redhatcve
redhatcve
CVE-2019-6446
2020-04-03 01:48:59
mageia
mageia
Updated python-numpy packages fix security vulnerability
2019-11-14 19:58:51
almalinux
almalinux
Moderate: numpy security update
2019-11-05 20:53:10
Moderate: python27:2.7 security and bug fix update
2019-11-05 17:32:12
cvelist
cvelist
CVE-2019-6446
2019-01-16 05:00:00
lenovo
lenovo
Brocade Network Advisor Vulnerabilities - Lenovo Support US
2019-06-10 15:06:45
Brocade Network Advisor Vulnerabilities - US
2019-06-10 15:06:45