
21 matches found

NVD
added 2026/06/18 9:16 p.m. · 15 views

CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

CVSS 7.6 · EPSS 0.00201
Exploits 0 · References 2
CVE
added 2026/06/18 8:47 p.m. · 20 views

CVE-2026-46699

CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...

CVSS 7.6 · AI score 5.3 · EPSS 0.00201
Exploits 0 · References 2
Cvelist
added 2026/06/18 8:47 p.m. · 18 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

CVSS 7.6 · EPSS 0.00201
Exploits 0 · References 2
Positive Technologies
added 2026/06/18 12:0 a.m. · 22 views

PT-2026-50794

Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.61.0 Description: conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...

CVSS 7.6 · AI score 5.8 · EPSS 0.00201
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-18564

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.5 · EPSS 0.00525
Exploits 0 · References 3
RedhatCVE
added 2025/06/23 8:41 a.m. · 4 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 1
RedhatCVE
added 2025/06/23 8:41 a.m. · 4 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVSS 6.9 · AI score 7.1 · EPSS 0.00525
Exploits 0 · References 1
NVD
added 2025/06/17 9:15 p.m. · 6 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVSS 6.9 · EPSS 0.00525
Exploits 0 · References 3
NVD
added 2025/06/17 9:15 p.m. · 6 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3 · EPSS 0.00244
Exploits 0 · References 3
Cvelist
added 2025/06/17 8:40 p.m. · 8 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3 · EPSS 0.00244
Exploits 0 · References 3
Vulnrichment
added 2025/06/17 8:40 p.m. · 3 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3 · AI score 6.7 · EPSS 0.00244
Exploits 0 · References 3
OSV
added 2025/06/17 8:40 p.m. · 8 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3 · AI score 6.6 · EPSS 0.00244
Exploits 0 · References 5
CVE
added 2025/06/17 8:40 p.m. · 18 views

CVE-2025-49824

CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...

CVSS 6.3 · AI score 6.2 · EPSS 0.00244
Exploits 0 · References 3
OSV
added 2025/06/17 8:39 p.m. · 5 views

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVSS 6.9 · AI score 6.6 · EPSS 0.00525
Exploits 0 · References 5
CVE
added 2025/06/17 8:39 p.m. · 13 views

CVE-2025-49843

The CVE-2025-49843 issue affects conda-smithy prior to version 3.47.1, where the travis_headers function creates files with permissions exceeding 0o600, potentially allowing read/write access beyond the intended user. This weakens least-privilege protections and could let an attacker access confi...

CVSS 6.9 · AI score 6.5 · EPSS 0.00525
Exploits 0 · References 3
Cvelist
added 2025/06/17 8:39 p.m. · 8 views

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVSS 6.9 · EPSS 0.00525
Exploits 0 · References 3
Vulnrichment
added 2025/06/17 8:39 p.m. · 3 views

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVSS 6.9 · AI score 7 · EPSS 0.00525
Exploits 0 · References 3
CNNVD
added 2025/06/17 12:0 a.m. · 4 views

conda-forge conda-smithy security vulnerability

conda-forge conda-smithy is a conda-forge open source tool for managing raw materials for Conda Forge. A security vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from a file created by the travis_headers function having too many permissions, which could lead ...

CVSS 6.9 · AI score 6.4 · EPSS 0.00525
Exploits 0 · References 5
Positive Technologies
added 2025/06/17 12:0 a.m. · 4 views

PT-2025-25763 · Unknown · Conda-Smithy

Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.47.1 Description: The issue concerns a tool that combines a conda recipe with configurations for building using freely hosted CI services. Prior to version 3.47.1, a function in the repository creates files wi...

CVSS 6.9 · AI score 6.3 · EPSS 0.00525
Exploits 0 · References 7
CNNVD
added 2025/06/17 12:0 a.m. · 3 views

conda-forge conda-smithy information disclosure vulnerability

conda-forge conda-smithy is a conda-forge open source tool for managing conda-forge raw materials. An information disclosure vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from the travis_encrypt_binstar_token implementation being at risk of an Oracle Padding...

CVSS 6.3 · AI score 5.9 · EPSS 0.00244
Exploits 0 · References 5