VYPR
Vendor

Anaconda

Products
2
CVEs
3
Across products
5
Status
Private

Products

2

Recent CVEs

3
  • CVE-2021-42969HigMay 13, 2022
    risk 0.57cvss 8.8epss 0.02

    Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.

  • CVE-2022-26526HigMar 17, 2022
    risk 0.51cvss 7.8epss 0.00

    Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by…

  • CVE-2023-35845MedSep 11, 2023
    risk 0.31cvss 4.7epss 0.00

    Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as…