Lucene search
K

62 matches found

F5 Networks
F5 Networks
added 2025/11/12 1:6 a.m.8 views

K000157365: Moment vulnerability CVE-2022-31129

Security Advisory Description moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, whi...

7.5CVSS6.5AI score0.04923EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:45 p.m.31 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moment

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moment. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...

7.5CVSS6.7AI score0.04923EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.16 views

Fedora 37 : python-notebook (2022-f9e459c893)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f9e459c893 advisory. Automatic update for python-notebook-6.4.11-3.fc37. Changelog Wed Jul 13 2022 Miro Hronok - 6.4.11-3 - Fix CVE-2022-24785 and CVE-2022-31129 in...

7.5CVSS6.8AI score0.05664EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/10/17 12:0 a.m.21 views

Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98189)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98189 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an...

7.5CVSS6.5AI score0.04923EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.64 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.42 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:15 a.m.40 views

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...

7.8CVSS7.8AI score0.09905EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.32 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...

8.8CVSS7.7AI score0.0828EPSS
Exploits3References10
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.37 views

Mageia: Security Advisory (MGASA-2024-0067)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05664EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/02/11 12:0 a.m.31 views

Fedora 38 : python-nikola (2024-1eb20f8ec3)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...

7.5CVSS7.1AI score0.01707EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.42 views

Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...

8.8CVSS7AI score0.04923EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.38 views

Fedora 39 : python-notebook (2023-3256575fc8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3256575fc8 advisory. Automatic update for python-notebook-7.0.0-1.fc39. Changelog Thu Jul 20 2023 Lumir Balhar - 7.0.0-1 - Update to 7.0.0 rhbz2224039 Mon Jul 10 2023...

7.5CVSS6.8AI score0.05664EPSS
Exploits1References3
Atlassian
Atlassian
added 2023/10/11 3:26 p.m.133 views

Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...

7.5CVSS7.3AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 9:6 a.m.56 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.4AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:54 p.m.53 views

Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)

Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...

7.5CVSS7.5AI score0.04923EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/15 9:19 a.m.40 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update

New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.7AI score0.04923EPSS
Exploits1References132
Tenable Nessus
Tenable Nessus
added 2023/06/15 12:0 a.m.30 views

RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

7.5CVSS6.8AI score0.04923EPSS
Exploits1References136
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 6:22 p.m.43 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...

8.8CVSS7.1AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 5:23 p.m.47 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785

Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

7.5CVSS8AI score0.05664EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2023/03/27 7:30 a.m.276 views

Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS version ? It seems fixed in the 9.7.0 as this ticket seems to point https://jira.atlassian.com/browse/JRASERVER-74647 In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards CWATCH team...

7.5CVSS7.6AI score0.05664EPSS
Exploits1
Rows per page
Query Builder