47 matches found
Astra Linux - уязвимость в pygments
A ReDoS issue was discovered in the pygments/lexers/smithy.py file within pygments, as of version 2.15.0, due to the use of SmithyLexer...
GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
@0xflick/jest-dynamodb (=4.0.1-pre.2), @42technologies/secretstore-aws (>=1.0.1 <=1.0.2) +1493 more potentially affected by unknown CVE via @smithy/config-resolver (>=1.1.0 <=3.0.13)
@smithy/config-resolver NPM version =1.1.0, =1.0.1, =1.0.0, =1.0.1, =0.3.2, =0.3.2, =0.0.1, =0.10.2, =0.1.0, =0.5.0, =2.1.25, =2.3.0, =9.1.6, =2.2.2, =3.1.21 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6475-R3VJ-M8VF...
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
PT-2026-3409
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
EUVD-2025-18564
Malicious code in bioql PyPI...
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824
CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49843
The CVE-2025-49843 issue affects conda-smithy prior to version 3.47.1, where the travis_headers function creates files with permissions exceeding 0o600, potentially allowing read/write access beyond the intended user. This weakens least-privilege protections and could let an attacker access confi...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
conda-forge conda-smithy 安全漏洞
conda-forge conda-smithy is a conda-forge open source tool for managing raw materials for Conda Forge. A security vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from a file created by the travisheaders function having too many permissions, which could lead ...