16 matches found
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to execute arbitrary commands on the system, caused by a...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details IBM X-Force ID: 238619 DESCRIPTION: Moment Moment-Timezone is vulnerable to a man-in-the-middle attack, caused by cleartext transmission of tz data durin...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. No impacts to VM Recovery Manager HA and DR cli. Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [X-Force 238619]
Summary Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819
Summary Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819)
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone IBM X-Force ID: 237819. The fix includes a version of moment-timezone 0.5.35 Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote...
6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1841 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)
moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-56X4-J7P9-FCF9...
GHSA-56X4-J7P9-FCF9 Command Injection in moment-timezone
Impact All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. if Alice uses tzdata pipeline to package moment-timezone on her own for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...
Command Injection in moment-timezone
Impact All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. if Alice uses tzdata pipeline to package moment-timezone on her own for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...
6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1841 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)
moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V78C-4P63-2J6C...
Cleartext Transmission of Sensitive Information in moment-timezone
Impact if Alice uses grunt data or grunt release to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...
PT-2022-28282 · Unknown · Moment-Timezone
Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35 Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...