Lucene search
+L

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.65 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/11 12:0 a.m.31 views

Fedora 39 : python-nikola (2024-262ad83644)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-262ad83644 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...

7.5CVSS7.1AI score0.01707EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/11 12:0 a.m.31 views

Fedora 38 : python-nikola (2024-1eb20f8ec3)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...

7.5CVSS7.1AI score0.01707EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/02/07 6:36 p.m.43 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.0 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.8CVSS9AI score0.02179EPSS
Exploits1References21
vulnersOsv
vulnersOsv
added 2023/01/09 2:10 p.m.4 views

@allsource/ui.partials.navbar.navbar (>=0.0.15 <=0.0.53), @allsource/ui.partials.navbar.usericons (>=0.0.1 <=0.0.30) +220 more potentially affected by CVE-2023-22467 via luxon (>=3.0.0 <=3.2.0)

luxon NPM version =3.0.0, =0.0.15, =0.0.1, =5.17.1-login-manager.0, =1.0.0, =4.25.0, =0.13.47-alpha, =0.21.10-alpha, =2.0.0, =3.0.0, =3.0.0, =2.0.0, =0.3.2, =0.1.1, =13.0.0, =13.3.7 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...

7.5CVSS7.1AI score0.01707EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/01/09 2:10 p.m.6 views

@918pixels/test (=1.1.1), @abt-desk/apm (>=0.0.25 <=0.33.12) +241 more potentially affected by CVE-2023-22467 via luxon (>=1.0.0 <=1.28.0)

luxon NPM version =1.0.0, =0.0.25, =1.0.0, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.3.0, =0.0.0-nightly-2021242250, =0.8.1, =0.12.4, =0.6.5, =0.12.0, =0.0.1, =1.0.9, =1.0.0, =1.0.9 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...

7.5CVSS7.2AI score0.01707EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/01/09 2:10 p.m.5 views

@arcgis/core (>=4.21.0 <=4.25.0-next.20220711), @archimedes/arch (>=2.1.1-beta.1 <=2.2.0-beta.4) +185 more potentially affected by CVE-2023-22467 via luxon (>=2.0.1 <=2.5.0)

luxon NPM version =2.0.1, =4.21.0, =2.1.1-beta.1, =1.6.1, =2.1.0, =1.5.15, =0.1.0, =0.1.0, =0.0.0-nightly-2021812202, =0.10.592-alpha, =0.14.1021, =3.0.1, =3.2.7-alpha.6226622763, =1.4.48, =1.4.50 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...

7.5CVSS7.1AI score0.01707EPSS
Exploits0
CVE
CVE
added 2023/01/04 9:52 p.m.520 views

CVE-2023-22467

Luxon’s DateTime.fromRFC2822() on the 1.x branch before 1.38.1, the 2.x branch before 2.5.2, and the 3.x branch on 3.2.1 exhibits quadratic (N^2) complexity for some inputs, causing slowdowns for untrusted data (≈ &gt;10k chars) and enabling (Re)DoS. Patches exist in 1.38.1, 2.5.2, and 3.2.1; a r...

7.5CVSS7.7AI score0.01707EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/01/04 9:52 p.m.25 views

CVE-2023-22467 luxon.js inefficient regular expression complexity vulnerability

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with...

7.5CVSS6.4AI score0.01707EPSS
Exploits0References8
Rows per page
Query Builder