Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...

MAL-2025-26325 Malicious code in mike-date-bvon (npm)

The package mike-date-bvon was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2022-24785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of...

K000148290: Moment.JS vulnerabilities CVE-2017-18214 and CVE-2022-24785

Security Advisory Description CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating,...

Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98189)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98189 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an...

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting...

Debian dla-3295 : libjs-moment - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3295 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3295-1 [email protected]...

Mozilla Thunderbird < 102.7

The version of Thunderbird installed on the remote Windows host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-03 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.6. Some of...

USN-5782-1: Firefox vulnerabilities

It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. CVE-2022-46871 Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker coul...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Moment.js vulnerabilities (USN-5559-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5559-1 advisory. It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a lo...

CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has...

Input validation

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has...

CVE-2022-24785 Path Traversal in Moment.js

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

CVE-2022-24785

CVE-2022-24785 concerns Moment.js where a path traversal vulnerability could be triggered in npm/server contexts when a user-supplied locale string is directly used to switch locales. Affected versions are Moment.js up to 2.29.1 (inclusive); the issue is patched in 2.29.2. The fixed version shoul...

CVE-2022-24785 Path Traversal in Moment.js

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for 1 server.php, 2 adodb-errorpear.inc.php, 3 adodb-iterator.inc.php, 4 adodb-pear.inc.php, 5 adodb-perf.inc.php, 6 adodb-xmlschema.inc.php, and 7 adodb.inc.php; files ...

DEBIAN-CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for 1 server.php, 2 adodb-errorpear.inc.php, 3 adodb-iterator.inc.php, 4 adodb-pear.inc.php, 5 adodb-perf.inc.php, 6 adodb-xmlschema.inc.php, and 7 adodb.inc.php; files ...

CVE-2006-4976

CVE-2006-4976 : The Date Library in John Lim ADOdb Library for PHP permits remote information disclosure via direct requests to a large set of files across the package. Affected areas include: server.php, adodb-.inc.php (adodb-errorpear.inc.php, adodb-iterator.inc.php, adodb-pear.inc.php, adodb-p...