12 matches found
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary: There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
Ubuntu 16.04 ESM : Moment.js vulnerabilities (USN-4786-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4786-1 advisory. It was discovered that Moment.js mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service. Tenable h...
SUSE CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...
Upgrade Moment.js to 2.22.1+ as required for CVE-2017-18214, CVE-2016-4055
Affected versions of Atlassian Jira Server and Data Center used versions of Moment.js that were vulnerable to CVE-2017-18214 and CVE-2016-4055. The affected versions of Atlassian Jira Server and Data Center are before version 8.22.0. Affected versions: version 8.22.0 Fixed versions: 9.3.1/9.4.0...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to a denial of service vulnerability in Angular.js
Summary: A denial of service vulnerability in Angular.js used by IBM InfoSphere Information Analyzer was addressed. Vulnerability Details: CVEID: CVE-2016-4055. DESCRIPTION: The Node.js moment module is vulnerable to a denial of service, caused by an error in the regular expression implementation. A...
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
Tenable Nessus is prone to multiple vulnerabilities.
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.3.0. It is, therefore, affected by: - An information disclosure vulnerability exists in OpenSSL. A remote attacker may be able to obtain sensitive information, caused by the failure to...
Oracle Primavera Unifier Multiple Vulnerabilities (July 2018 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.0, 17.x prior to 17.12.7.0, or 18.x prior to 18.7.0.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for the...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
2ch (>=0.1.0 <=0.1.3), 3loc (>=0.2.0 <=0.4.0) +1296 more potentially affected by CVE-2016-4055 via moment (>=1.0.0 <=2.11.1)
moment NPM version =1.0.0, =0.1.0, =0.2.0, =0.0.13, =1.0.0, =0.2.11, =1.0.1, =1.0.33, =0.0.15, =1.2.6, =2.1.7 and more Source cves: CVE-2016-4055 Source advisory: OSV:GHSA-87VV-R9J6-G5QV...
CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...
CVE-2016-4055
Moment.js (Node.js) is affected by CVE-2016-4055 due to a vulnerability in its regular expression handling that can enable a DoS (high CPU usage) via crafted input. Public details show the issue as a ReDoS against the moment package prior to 2.11.2, with remediation requiring upgrading to a patch...