Lucene search
+L

407 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/06 5:47 a.m.13 views

Malicious code in dayjs-plugin-duration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d6c09f6f8900e2be647537f5342bb545a0ee4b4affee0e47006cc43da3d489 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/05/06 5:47 a.m.13 views

MAL-2025-3619 Malicious code in dayjs-plugin-duration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d6c09f6f8900e2be647537f5342bb545a0ee4b4affee0e47006cc43da3d489 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.9 views

The vulnerability of the Apache Roller server for creating web blogs relates to incorrect session duration settings, which allows attackers to gain unauthorized access to the system.

The vulnerability of the Apache Roller server for creating web blogs is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the system remotely...

10CVSS8.1AI score0.01077EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.8 views

The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios in Apache Airflow, stems from incorrect session duration settings. This allows attackers to maintain a session in the system.

The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios, is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to maintain a session on the system...

8.5CVSS5.5AI score0.00936EPSS
Exploits0References4Affected Software1
Citrix
Citrix
added 2025/03/11 12:0 a.m.35 views

CVAD and DaaS: Troubleshooting missing logon duration in Citrix Director and Cloud Monitor

To troubleshoot missing logon duration information in monitor, please validate the prerequisites:https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/director/troubleshoot-deployments/user-issues/user-logon.htmlprerequisites Ensure Citrix Profile Management WMI Plug-in is installed:...

6.9AI score
Exploits0
Citrix
Citrix
added 2025/03/07 12:0 a.m.11 views

CVAD: Role of "Citrix Profile Management" service in reporting logon duration in Citrix Director

Q. What is the role of "Citrix Profile Management" service in logon duration reporting? Ans. The Citrix Profile Management service is responsible for collecting logon duration data from the Virtual Delivery Agent VDA. It gathers information about the logon process, including the time taken for...

6.8AI score
Exploits0
Citrix
Citrix
added 2025/03/07 12:0 a.m.12 views

CVAD: Importance of LogonTimings WMI class for reporting Logon Duration in Citrix Director

Ques: Why is LogonTimings WMI class important for reporting Logon Duration in Citrix Director? Ans: LogonTimings WMI class is crucial for monitoring and reporting logon durations in Citrix environments. It provides detailed metrics that help administrators analyze and troubleshoot logon performan...

7.2AI score
Exploits0
Citrix
Citrix
added 2025/03/07 12:0 a.m.11 views

CVAD: Logon Duration is not reported if "Do not process the legacy run list" group policy is enabled

Logon Duration is not logged in Citrix Director if "Do not process the legacy run list" group policy is enabled...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.7 views

The vulnerability of Acronis Cyber Protect 16’s data protection software lies in its incorrect session duration limits, which allow attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of Acronis Cyber Protect 16 software-related data protection software is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...

7.1CVSS6.3AI score0.00226EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/14 12:0 a.m.12 views

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. This allows attackers to gain unauthorized access and disclose the protected information.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access and disclose the protected information...

4.9CVSS5.5AI score0.00209EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2025/02/12 7:45 p.m.4 views

3id-connect (>=1.0.0-alpha.3 <=1.0.0-alpha.4), 3id-test-helper (>=1.0.0 <=1.0.4) +1827 more potentially affected by CVE-2025-25283 via parse-duration (>=0.1.1 <=1.1.2)

parse-duration NPM version =0.1.1, =1.0.0-alpha.3, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =1.0.21, =1.0.0, =0.0.1, =0.0.1, =1.0.0-beta.0, =0.1.0, =1.0.0, =0.0.1, =1.0.3, =0.0.8, =1.1.14 and more Source cves: CVE-2025-25283 Source advisory: OSV:GHSA-HCRG-FC28-FCG5...

7.5CVSS5.7AI score0.00746EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/02/12 7:45 p.m.42 views

parse-duration has a Regex Denial of Service that results in event loop delay and out of memory

Summary This report finds 2 availability issues due to the regex used in the parse-duration npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB...

7.5CVSS7AI score0.00746EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/02/12 6:21 p.m.100 views

CVE-2025-25283

CVE-2025-25283 concerns parse-duration (node package). Versions prior to 2.1.3 are vulnerable to event-loop delay due to CPU-bound duration resolution and may cause an out-of-memory crash with large Unicode-containing inputs. A patch is available in 2.1.3; remediation is to upgrade to that versio...

7.5CVSS7.4AI score0.00746EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/12 6:21 p.m.20 views

CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS7.4AI score0.00746EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/12 6:21 p.m.47 views

CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS0.00746EPSS
Exploits0References3
Snyk
Snyk
added 2025/02/12 10:51 a.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview parse-duration is a package that converts a human readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker could cause an event loop delay or trigger an out of memory error that would crash a running Node.js...

8.7CVSS7AI score0.00746EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/12 12:0 a.m.8 views

The vulnerability of macOS operating systems relates to incorrect session expiration times, which allows attackers to trigger a service failure.

The vulnerability of macOS operating systems is related to incorrect session duration settings. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

10CVSS5.5AI score0.00541EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.10 views

PT-2025-7066 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: parse-duraton versions prior to 2.1.3 Description: The issue is related to an event loop delay due to the CPU-bound operation of resolving the provided string, which can range from 0.5ms to 50ms per operation, depending on the size of the inp...

7.5CVSS6.6AI score0.00746EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

parse-duration 安全漏洞

parse-duration is an application that converts readable durations to milliseconds by the individual developer Jake Rosoman. A security vulnerability exists in parse-duration prior to version 2.1.3, which stems from a CPU-intensive operation when parsing strings, and may result in a delayed event...

7.5CVSS6.5AI score0.00746EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.7 views

The vulnerability of the Persistent Login module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Persistent Login module in the Drupal CMS system is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS5.5AI score0.00401EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder