Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46060 | 2 Anaconda, Apple | 2 Anaconda3, Macos | 2026-01-05 | N/A | 7.8 HIGH |
|
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
|
|||||
| CVE-2023-35845 | 2 Anaconda, Linux | 2 Anaconda3, Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.
|
|||||
| CVE-2022-26526 | 2 Anaconda, Conda | 2 Anaconda3, Miniconda3 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who ins ...
Show More |
|||||
| CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.
|
|||||