limit-size (>=0.1.3 <=0.1.4), limit-size-webpack-plugin (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via byte-parser (=1.0.0)

byte-parser NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on byte-parser and may be impacted: - limit-size =0.1.3, =1.0.0, =1.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3846...

MAL-2026-4143 Malicious code in limit-size (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

EUVD-2025-150395

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-jdk16 is a Bouncy Castle Crypto package that is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6. Affected versions of this package are vulnerable to Allocatio...

PT-2024-21293

Name of the Vulnerable Software and Affected Versions cbor2 versions 5.5.1 through 5.6.2 Description The issue concerns a denial-of-service vulnerability in cbor2, which provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. An attacker can crash a...

SUSE CVE-2011-1749

The nfsaddmntent function in support/nfs/nfsmntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMITFSIZE value,...

CVE-2021-29482 denial of service in github.com/ulikunitz/xz

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

DEBIAN-CVE-2011-1678

smbfs in Samba 3.5.8 and earlier attempts to use 1 mount.cifs to append to the /etc/mtab file and 2 umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process wi...