
16 matches found

IBM Security Bulletins
added 2023/09/20 10:22 a.m. · 77 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary: There is a vulnerability in the moment-timezone open-source package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details: CVEID: CVE-2022-31129. DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.05664
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2023/09/19 9:6 a.m. · 53 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary: There is a vulnerability in the moment-timezone open-source package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details: CVEID: CVE-2022-43441. DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.05664
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2023/03/08 9:44 a.m. · 35 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI

Summary: There is a vulnerability in the moment-timezone open-source package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details: IBM X-Force ID: 237819. DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to execute arbitrary commands on the system, caused by a...

AI score: 8.2
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/03/08 9:42 a.m. · 16 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI

Summary: There is a vulnerability in the moment-timezone open-source package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details: IBM X-Force ID: 238619. DESCRIPTION: Moment Moment-Timezone is vulnerable to a man-in-the-middle attack, caused by cleartext transmission of tz data durin...

AI score: 6.7
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/02/24 2:3 p.m. · 23 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary: There is a vulnerability in the moment-timezone open-source package which affects IBM VM Recovery Manager HA and DR GUI. No impacts to VM Recovery Manager HA and DR cli. Vulnerability Details: IBM X-Force ID: 237819. DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to...

AI score: 8.2
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2022/12/01 4:16 p.m. · 17 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [X-Force 238619]

Summary: Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

AI score: 7.1
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2022/11/25 2:21 p.m. · 10 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819

Summary: Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

AI score: 8.1
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2022/11/04 8:59 a.m. · 16 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819)

Summary: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone IBM X-Force ID: 237819. The fix includes a version of moment-timezone 0.5.35. Vulnerability Details: IBM X-Force ID: 237819. DESCRIPTION: Node.js moment-timezone module could allow a remote...

AI score: 7.9
Exploits: 0 · Affected Software: 1

vulnersOsv
added 2022/08/30 8:31 p.m. · 18 views

6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1841 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)

moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-56X4-J7P9-FCF9...

AI score: 5.7
Exploits: 0

OSV
added 2022/08/30 8:31 p.m. · 6 views

GHSA-56X4-J7P9-FCF9 Command Injection in moment-timezone

Impact: All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. If Alice uses tzdata pipeline to package moment-timezone on her own, for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...

AI score: 6.2
Exploits: 0 · References: 3

GitHub Security Blog
added 2022/08/30 8:31 p.m. · 23 views

Command Injection in moment-timezone

Impact: All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. If Alice uses tzdata pipeline to package moment-timezone on her own, for example via grunt data:2014d, where 2014d stands for the version of the tzdata to be used from IANA's website, and Alice...

AI score: 0.7
Exploits: 0 · References: 3 · Affected Software: 1

vulnersOsv
added 2022/08/30 8:28 p.m. · 4 views

6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.1.5) +1841 more potentially affected by unknown CVE via moment-timezone (>=0.1.0 <=0.5.34)

moment-timezone NPM version =0.1.0, =0.0.1, =0.0.1, =4.11.0, =4.13.7-rc4, =1.70.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V78C-4P63-2J6C...

AI score: 5.7
Exploits: 0

GitHub Security Blog
added 2022/08/30 8:28 p.m. · 20 views

Cleartext Transmission of Sensitive Information in moment-timezone

Impact: If Alice uses grunt data or grunt release to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...

AI score: 1.5
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/08/30 12:0 a.m. · 7 views

PT-2022-28282 · Unknown · Moment-Timezone

Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35. Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...

AI score: 7.2
Exploits: 0 · References: 4

OPENSUSE Linux
added 2021/09/14 12:0 a.m. · 61 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

CVSS: 10 · AI score: 7.6 · EPSS: 0.02604
Exploits: 0 · References: 1

OPENSUSE Linux
added 2021/09/14 12:0 a.m. · 53 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

CVSS: 10 · AI score: 7.7 · EPSS: 0.02604
Exploits: 0 · References: 1