Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-28316

Malicious code in bioql PyPI...

4.6CVSS6.6AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/19 2:18 p.m.9 views

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6CVSS7AI score0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/17 2:2 p.m.6 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6CVSS7AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/17 2:2 p.m.24 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2025/06/17 2:2 p.m.20 views

CVE-2025-49842

The CVE concerns conda-forge-webservices, a web app used to manage conda-forge admin tasks. Prior to version 2025.3.24, the conda_forge_webservice Docker container executed commands without a dedicated user, leaving the container running as root. This can enable privilege escalation and potential...

4.6CVSS7.6AI score0.00157EPSS
Exploits0References2
OSV
OSV
added 2025/06/17 2:2 p.m.8 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6CVSS7.5AI score0.00157EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.4 views

conda-forge-webservices 安全漏洞

conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in conda-forge-webservices versions prior to 2025.3.24, which stems from a Docker container executing commands as the root user, which...

4.6CVSS6.9AI score0.00157EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.10 views

PT-2025-25658 · Conda Forge · Conda-Forge-Webservices

Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.3.24 Description: The conda-forge-webservices web app, used to run conda-forge admin commands and linting, has an issue where the conda forge webservice Docker container executes commands without...

4.6CVSS7.1AI score0.00157EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/17 10:57 p.m.20 views

CVE-2025-32784

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...

7.5CVSS7AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 10:15 p.m.14 views

CVE-2025-32784

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...

7.5CVSS0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/15 9:56 p.m.14 views

CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...

7.5CVSS0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/15 9:56 p.m.8 views

CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...

7.5CVSS6.7AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 2025/04/15 9:56 p.m.61 views

CVE-2025-32784

Conda-forge-webservices (versions prior to 2025.4.10) is vulnerable to an unauthorized artifact modification race condition (TOCTOU). The issue arises from a lack of atomicity between hash validation and the artifact copy, allowing an attacker with cf-staging access to overwrite a verified artifa...

7.5CVSS6.3AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2025/04/15 9:56 p.m.8 views

CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...

7.5CVSS6.7AI score0.00231EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.4 views

conda-forge-webservices 安全漏洞

conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in versions of conda-forge-webservices prior to 2025.4.10 that stems from a competitive condition and could lead to the release of a...

7.5CVSS6.6AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16541 · Conda Forge · Conda-Forge-Webservices

Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.4.10 Description: A Time-of-Check to Time-of-Use TOCTOU issue has been identified in the conda-forge-webservices component, which can be exploited to introduce unauthorized modifications to build...

7.5CVSS6.2AI score0.00231EPSS
Exploits0References9
Rows per page
Query Builder