50 matches found
ROOT-APP-NPM-CVE-2022-24785 CVE-2022-24785 in @rootio/moment - Patched by Root
Root has patched CVE-2022-24785 in the @rootio/moment package for Root:npm. Multiple fixed versions available...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1
Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)
Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Fedora 37 : python-notebook (2022-f9e459c893)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f9e459c893 advisory. Automatic update for python-notebook-6.4.11-3.fc37. Changelog Wed Jul 13 2022 Miro Hronok - 6.4.11-3 - Fix CVE-2022-24785 and CVE-2022-31129 in...
Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98190)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98190 advisory. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...
Mageia: Security Advisory (MGASA-2024-0067)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : python-notebook (2023-3256575fc8)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3256575fc8 advisory. Automatic update for python-notebook-7.0.0-1.fc39. Changelog Thu Jul 20 2023 Lumir Balhar - 7.0.0-1 - Update to 7.0.0 rhbz2224039 Mon Jul 10 2023...
Security Bulletin: IBM Storage Ceph is vulnerable to a path traversal vulnerablity in Moment.js (CVE-2022-24785)
Summary Moment.js is used within the IBM Storage Ceph Dashboard and in assorted other locations. CVE-2022-24785 Vulnerability Details CVEID: CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied...
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)
Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785
Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS version ? It seems fixed in the 9.7.0 as this ticket seems to point https://jira.atlassian.com/browse/JRASERVER-74647 In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards CWATCH team...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...