Lucene search
K

50 matches found

OSV
OSV
added 2026/06/04 8:52 p.m.5 views

ROOT-APP-NPM-CVE-2022-24785 CVE-2022-24785 in @rootio/moment - Patched by Root

Root has patched CVE-2022-24785 in the @rootio/moment package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.05664EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:7 a.m.4 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1

Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...

7.5CVSS6.7AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/04 9:22 p.m.29 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)

Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...

7.5CVSS7AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:53 a.m.31 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS9.3AI score0.19312EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.16 views

Fedora 37 : python-notebook (2022-f9e459c893)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f9e459c893 advisory. Automatic update for python-notebook-6.4.11-3.fc37. Changelog Wed Jul 13 2022 Miro Hronok - 6.4.11-3 - Fix CVE-2022-24785 and CVE-2022-31129 in...

7.5CVSS6.8AI score0.05664EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/10/17 12:0 a.m.15 views

Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98190)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98190 advisory. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm...

7.5CVSS6.7AI score0.05664EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.65 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.43 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:15 a.m.40 views

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...

7.8CVSS7.8AI score0.09905EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.32 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...

8.8CVSS7.7AI score0.0828EPSS
Exploits3References10
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.37 views

Mageia: Security Advisory (MGASA-2024-0067)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05664EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.38 views

Fedora 39 : python-notebook (2023-3256575fc8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3256575fc8 advisory. Automatic update for python-notebook-7.0.0-1.fc39. Changelog Thu Jul 20 2023 Lumir Balhar - 7.0.0-1 - Update to 7.0.0 rhbz2224039 Mon Jul 10 2023...

7.5CVSS6.8AI score0.05664EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:55 p.m.44 views

Security Bulletin: IBM Storage Ceph is vulnerable to a path traversal vulnerablity in Moment.js (CVE-2022-24785)

Summary Moment.js is used within the IBM Storage Ceph Dashboard and in assorted other locations. CVE-2022-24785 Vulnerability Details CVEID: CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied...

7.5CVSS6.3AI score0.05664EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2023/10/11 3:26 p.m.134 views

Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...

7.5CVSS7.3AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 9:6 a.m.57 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.4AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/06 8:2 p.m.29 views

Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)

Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...

9.8CVSS8.8AI score0.09304EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 6:22 p.m.43 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...

8.8CVSS7.1AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 5:23 p.m.48 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785

Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

7.5CVSS8AI score0.05664EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2023/03/27 7:30 a.m.276 views

Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS version ? It seems fixed in the 9.7.0 as this ticket seems to point https://jira.atlassian.com/browse/JRASERVER-74647 In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards CWATCH team...

7.5CVSS7.6AI score0.05664EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.43 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.8AI score0.99615EPSS
Exploits43References32
Rows per page
Query Builder