Lucene search
15 matches found

RedHat Linux
added 2022/11/28 2:39 p.m. · 3 views

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.01827
Exploits 0 · References 5

OSV
added 2022/09/26 3:15 p.m. · 2 views

CVE-2022-40785

Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app...

CVSS 8.8 · AI score 6.3
Exploits 0 · References 2

Positive Technologies
added 2022/09/26 12:0 a.m. · 1 views

PT-2022-25539 · Unknown · Mipc Camera Firmware

Name of the Vulnerable Software and Affected Versions: mIPC camera firmware version 5.3.1.2003161406 Description: Unsanitized input when setting a locale file leads to shell injection in the firmware. This allows an attacker to gain remote code execution on cameras running the firmware when a...

CVSS 8.8 · AI score 9.2 · EPSS 0.02317
Exploits 0 · References 4

OSV
added 2022/04/04 9:25 p.m. · 1 views

GHSA-8HFJ-J24R-96C4 Path Traversal: 'dir/../../filename' in moment.locale

Impact: This vulnerability impacts npm server users of moment.js, especially if a user-provided locale string, e.g. fr, is directly used to switch moment locale. Patches: This problem is patched in 2.29.2, and the patch can be applied to all affected versions from 1.0.1 up until 2.29.1, inclusive...

CVSS 7.5 · AI score 6.8 · EPSS 0.01827
Exploits 0 · References 12

RedHat Linux
added 2021/02/16 2:28 p.m. · 1 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 · AI score 7 · EPSS 0.00469
Exploits 1 · References 5

RedHat Linux
added 2021/02/16 2:25 p.m. · 1 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 · AI score 7 · EPSS 0.00469
Exploits 1 · References 5

RedHat Linux
added 2021/02/15 6:28 p.m. · 1 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 · AI score 7 · EPSS 0.00469
Exploits 1 · References 5

RedHat Linux
added 2020/12/15 5:27 p.m. · 0 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 · AI score 7 · EPSS 0.00469
Exploits 1 · References 5

RedHat Linux
added 2020/12/01 2:49 p.m. · 1 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 · AI score 7 · EPSS 0.00469
Exploits 1 · References 5

OSV
added 2020/09/24 12:0 a.m. · 0 views

UBUNTU-CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...

CVSS 4 · AI score 5.8 · EPSS 0.00044
Exploits 1 · References 4

ATTACKERKB
added 2018/08/06 9:29 p.m. · 1 views

CVE-2017-16654

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read methods of these classes use a path and a locale to determine the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00543
Exploits 0 · References 5

OSV
added 2018/08/06 9:29 p.m. · 1 views

DEBIAN-CVE-2017-16654

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read methods of these classes use a path and a locale to determine the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00543
Exploits 0 · References 1

OSV
added 2018/08/06 9:29 p.m. · 0 views

UBUNTU-CVE-2017-16654

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read methods of these classes use a path and a locale to determine the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00543
Exploits 0 · References 4

CNVD
added 2016/09/18 12:0 a.m. · 1 views

PHP Denial of Service Vulnerability (CNVD-2016-07714)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C and C++, and so on. A...

CVSS 7.5 · AI score 8.3 · EPSS 0.02179
Exploits 1 · References 1

Fedora
added 2014/05/12 5:22 a.m. · 18 views

[SECURITY] Fedora 19 Update: rxvt-unicode-9.20-1.fc19

rxvt-unicode is a clone of the well known terminal emulator rxvt, modified to store text in Unicode (either UCS-2 or UCS-4) and to use locale-correct input and output. It also supports mixing multiple fonts at the same time, including Xft fonts...

CVSS 7.6 · AI score 0.7 · EPSS 0.03336
Exploits 0