62 matches found
K000157365: Moment vulnerability CVE-2022-31129
Security Advisory Description moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, whi...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moment
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moment. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...
Fedora 37 : python-notebook (2022-f9e459c893)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f9e459c893 advisory. Automatic update for python-notebook-6.4.11-3.fc37. Changelog Wed Jul 13 2022 Miro Hronok - 6.4.11-3 - Fix CVE-2022-24785 and CVE-2022-31129 in...
Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98189)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98189 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...
Mageia: Security Advisory (MGASA-2024-0067)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : python-nikola (2024-1eb20f8ec3)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...
Fedora 39 : python-notebook (2023-3256575fc8)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3256575fc8 advisory. Automatic update for python-notebook-7.0.0-1.fc39. Changelog Thu Jul 20 2023 Lumir Balhar - 7.0.0-1 - Update to 7.0.0 rhbz2224039 Mon Jul 10 2023...
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)
Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update
New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785
Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS version ? It seems fixed in the 9.7.0 as this ticket seems to point https://jira.atlassian.com/browse/JRASERVER-74647 In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards CWATCH team...