407 matches found
Malicious code in dayjs-plugin-duration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d6c09f6f8900e2be647537f5342bb545a0ee4b4affee0e47006cc43da3d489 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3619 Malicious code in dayjs-plugin-duration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d6c09f6f8900e2be647537f5342bb545a0ee4b4affee0e47006cc43da3d489 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Apache Roller server for creating web blogs relates to incorrect session duration settings, which allows attackers to gain unauthorized access to the system.
The vulnerability of the Apache Roller server for creating web blogs is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the system remotely...
The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios in Apache Airflow, stems from incorrect session duration settings. This allows attackers to maintain a session in the system.
The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios, is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to maintain a session on the system...
CVAD and DaaS: Troubleshooting missing logon duration in Citrix Director and Cloud Monitor
To troubleshoot missing logon duration information in monitor, please validate the prerequisites:https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/director/troubleshoot-deployments/user-issues/user-logon.htmlprerequisites Ensure Citrix Profile Management WMI Plug-in is installed:...
CVAD: Role of "Citrix Profile Management" service in reporting logon duration in Citrix Director
Q. What is the role of "Citrix Profile Management" service in logon duration reporting? Ans. The Citrix Profile Management service is responsible for collecting logon duration data from the Virtual Delivery Agent VDA. It gathers information about the logon process, including the time taken for...
CVAD: Importance of LogonTimings WMI class for reporting Logon Duration in Citrix Director
Ques: Why is LogonTimings WMI class important for reporting Logon Duration in Citrix Director? Ans: LogonTimings WMI class is crucial for monitoring and reporting logon durations in Citrix environments. It provides detailed metrics that help administrators analyze and troubleshoot logon performan...
CVAD: Logon Duration is not reported if "Do not process the legacy run list" group policy is enabled
Logon Duration is not logged in Citrix Director if "Do not process the legacy run list" group policy is enabled...
The vulnerability of Acronis Cyber Protect 16’s data protection software lies in its incorrect session duration limits, which allow attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of Acronis Cyber Protect 16 software-related data protection software is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. This allows attackers to gain unauthorized access and disclose the protected information.
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access and disclose the protected information...
3id-connect (>=1.0.0-alpha.3 <=1.0.0-alpha.4), 3id-test-helper (>=1.0.0 <=1.0.4) +1827 more potentially affected by CVE-2025-25283 via parse-duration (>=0.1.1 <=1.1.2)
parse-duration NPM version =0.1.1, =1.0.0-alpha.3, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =1.0.21, =1.0.0, =0.0.1, =0.0.1, =1.0.0-beta.0, =0.1.0, =1.0.0, =0.0.1, =1.0.3, =0.0.8, =1.1.14 and more Source cves: CVE-2025-25283 Source advisory: OSV:GHSA-HCRG-FC28-FCG5...
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
Summary This report finds 2 availability issues due to the regex used in the parse-duration npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB...
CVE-2025-25283
CVE-2025-25283 concerns parse-duration (node package). Versions prior to 2.1.3 are vulnerable to event-loop delay due to CPU-bound duration resolution and may cause an out-of-memory crash with large Unicode-containing inputs. A patch is available in 2.1.3; remediation is to upgrade to that versio...
CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
Regular Expression Denial of Service (ReDoS)
Overview parse-duration is a package that converts a human readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker could cause an event loop delay or trigger an out of memory error that would crash a running Node.js...
The vulnerability of macOS operating systems relates to incorrect session expiration times, which allows attackers to trigger a service failure.
The vulnerability of macOS operating systems is related to incorrect session duration settings. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
PT-2025-7066 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: parse-duraton versions prior to 2.1.3 Description: The issue is related to an event loop delay due to the CPU-bound operation of resolving the provided string, which can range from 0.5ms to 50ms per operation, depending on the size of the inp...
parse-duration 安全漏洞
parse-duration is an application that converts readable durations to milliseconds by the individual developer Jake Rosoman. A security vulnerability exists in parse-duration prior to version 2.1.3, which stems from a CPU-intensive operation when parsing strings, and may result in a delayed event...
The vulnerability of the Persistent Login module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Persistent Login module in the Drupal CMS system is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...