12 matches found
Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98189)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98189 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an...
Fedora 38 : python-nikola (2024-1eb20f8ec3)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version. Features: Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, which is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...
FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting...
Debian dla-3295 : libjs-moment - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3295 advisory. Debian LTS Advisory DLA-3295-1 [email protected]...
[SECURITY] [DLA 3295-1] node-moment security update
Debian LTS Advisory DLA-3295-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS -...
Luxon Inefficient Regular Expression Complexity vulnerability
Impact: Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...
CVE-2023-22467
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with...
Input validation
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with...
CVE-2022-31129
Moment.js (JavaScript date library) contains a vulnerability in string-to-date parsing via RFC2822 parsing, causing quadratic (N^2) complexity and potential (Re)DoS for long inputs (>10k chars). The issue is mitigated by upgrading to Moment.js v2.29.4 or later; if upgrading is not possible, li...
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...