[SECURITY] [DLA 3134-1] tzdata new timezone database
Debian LTS Advisory DLA-3134-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 03, 2022 https://wiki.debian.org/LTS -...
DLA-3135-1 libdatetime-timezone-perl - new timezone database
Bulletin has no description...
DLA-3134-1 tzdata - new timezone database
Bulletin has no description...
6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1842 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)
moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-56X4-J7P9-FCF9...
Command Injection in moment-timezone
Impact: All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. If Alice uses the tzdata pipeline to package moment-timezone on her own, for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...
GHSA-56X4-J7P9-FCF9 Command Injection in moment-timezone
Impact: All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. If Alice uses the tzdata pipeline to package moment-timezone on her own, for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...
6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1842 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)
moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V78C-4P63-2J6C...
Cleartext Transmission of Sensitive Information in moment-timezone
Impact: If Alice uses grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...
PT-2022-28282 · Unknown · Moment-Timezone
Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35 Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...
CVE-2022-37819
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime...
Stack overflow
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime...
CVE-2022-37819
CVE-2022-37819 affects Tenda AX1803 v1.0.0.1. A stack overflow is triggered in the fromSetSysTime() function via the timezone parameter, due to improper boundary checking. Reported impacts include potential arbitrary code execution or denial of service; exploitability is described as local with l...
PT-2022-24097 · Tenda · Tenda Ax1803
Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: A stack overflow issue was discovered in the Tenda AX1803, specifically via the timezone parameter in the fromSetSysTime function. Recommendations: For Tenda AX1803 version 1.0.0.1, consider restricti...
Debian: Security Advisory (DLA-3077-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
The plugin does not have any authorisation or CSRF checks in place when creating an event, and also lacks sanitisation and escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in them. As an...
Directory Traversal
tzinfo is vulnerable to Directory Traversal. While time zone files are loaded with require on demand, it fails to properly validate time zone identifiers with correct regular expressions, allowing a new line character in the identifier. Therefore, an attacker can use TZInfo::Timezone.get to...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...