Lucene search
K

4 matches found

NVD
NVD
added 2025/06/17 9:15 p.m.9 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS0.00525EPSS
Exploits0References3
NVD
NVD
added 2025/06/17 9:15 p.m.7 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS0.00244EPSS
Exploits0References3
OSV
OSV
added 2025/06/17 8:40 p.m.9 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS6.6AI score0.00244EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.4 views

PT-2025-25762 · Unknown · Conda-Smithy

Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.47.1 Description: The issue results from the use of an outdated and insecure padding scheme during RSA encryption in the travis encrypt binstar token implementation. A malicious actor with access to an oracle...

6.3CVSS6.2AI score0.00244EPSS
Exploits0References7
Rows per page
Query Builder