Filtered by vendor Anaconda
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35845 | 2 Anaconda, Linux | 2 Anaconda3, Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected. | |||||
CVE-2022-26526 | 2 Anaconda, Conda | 2 Anaconda3, Miniconda3 | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed. | |||||
CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | |||||
CVE-2021-42343 | 1 Anaconda | 1 Dask | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. |