Lucene search
K

51 matches found

NVD
NVD
added 2026/06/18 9:16 p.m.15 views

CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 8:47 p.m.18 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 8:47 p.m.25 views

CVE-2026-46699

CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...

7.6CVSS5.3AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50794

Name of the Vulnerable Software and Affected Versions conda-smithy versions prior to 3.61.0 Description conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...

7.6CVSS5.8AI score0.00201EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux - уязвимость в pygments

A ReDoS issue was discovered in the pygments/lexers/smithy.py file within pygments, as of version 2.15.0, due to the use of SmithyLexer...

5.5CVSS6.2AI score0.00503EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/08 9:52 p.m.5 views

@0xflick/jest-dynamodb (=4.0.1-pre.2), @42technologies/secretstore-aws (>=1.0.1 <=1.0.2) +1495 more potentially affected by unknown CVE via @smithy/config-resolver (>=1.1.0 <=3.0.13)

@smithy/config-resolver NPM version =1.1.0, =1.0.1, =1.0.0, =1.0.1, =0.3.2, =0.3.2, =0.0.1, =0.10.2, =0.1.0, =0.5.0, =2.1.25, =2.3.0, =9.1.6, =2.2.2, =3.1.21 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6475-R3VJ-M8VF...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/08 9:52 p.m.64 views

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

6.7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/08 9:52 p.m.72 views

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

3.7CVSS6.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.9 views

PT-2026-3409

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

3.7CVSS6.7AI score
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18564

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.00525EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.5 views

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

...

5.5CVSS7AI score0.00503EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.4 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS6.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.4 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS7.1AI score0.00525EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 9:15 p.m.8 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS0.00525EPSS
Exploits0References3
NVD
NVD
added 2025/06/17 9:15 p.m.7 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/17 8:40 p.m.8 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/17 8:40 p.m.3 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS6.7AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2025/06/17 8:40 p.m.18 views

CVE-2025-49824

CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...

6.3CVSS6.2AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2025/06/17 8:40 p.m.9 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

6.3CVSS6.6AI score0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/17 8:39 p.m.8 views

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS0.00525EPSS
Exploits0References3
Rows per page
Query Builder