13 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper cleanup in error paths within resource extraction and scanning processes. An attacker can degrade system availability by causing resource leaks and exhausting file...
EUVD-2024-22166
Malicious code in bioql PyPI...
Directory Traversal
Overview internetarchive is a Python interface to archive.org. Affected versions of this package are vulnerable to Directory Traversal via the download function in the file.py file, which does not properly sanitize user-supplied filenames or validate the final download path. An attacker can...
MAL-2025-41007 Malicious code in zip-mp3-a-lbum-do-wnload-new-31841-my-melody-4etja-ihiwfy (npm)
The package zip-mp3-a-lbum-do-wnload-new-31841-my-melody-4etja-ihiwfy was found to contain malicious code...
CVE-2022-22141
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
GO-2022-0921 Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd
Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd...
Malicious code in sap-archive (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 294d098446b3030fb784fc523a77d096e06a4df4e977a0ffef2867e513da0c7d The OpenSSF Package Analysis project identified 'sap-archive' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Yokogawa CENTUM and Exaopc Permissions, Privileges, and Access Controls (CVE-2022-22141)
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
Design/Logic Flaw
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
CVE-2022-22141
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
Yokogawa Exaopc Permissions and Access Control Vulnerability
Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from the "Long-term Data Archive Package" service creating named pipes with incorrect ACL configurations. The following products and...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:3506-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...
Archive package allows chmod of file outside of unpack target directory
...