Lucene search
K

121 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in node-moment

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects users of Moment.js on npm server versions between 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch the moment locale...

7.5CVSS6.5AI score0.05664EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1677

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.05664EPSS
Exploits0References35
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:7 a.m.4 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1

Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...

7.5CVSS6.7AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/22 10:57 a.m.6 views

Security Bulletin: Vulnerability in moment.js affects IBM Integrated Analytics System [CVE-2022-31129]

Summary The moment.js package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2022-31129. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: moment is a JavaScript date library for parsing, validating, manipulating, and formatti...

7.5CVSS6.6AI score0.03949EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2025/05/05 12:13 a.m.17 views

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

7.5CVSS6.6AI score0.05664EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/04 9:22 p.m.29 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)

Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...

7.5CVSS7AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:53 a.m.31 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS9.3AI score0.19312EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:36 a.m.47 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

9.8CVSS9.4AI score0.05664EPSS
Exploits9Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2022-24785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of...

7.5CVSS6.5AI score0.05664EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 7:10 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in moment.js used by IBM Jazz Reporting Service (JRS) (CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2022-31129)

Summary There are multiple vulnerabilities identified in IBM Jazz Reporting Service JRS. These vulnerabilities have been fixed. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse...

7.8CVSS7.5AI score0.09905EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
added 2024/10/28 8:45 p.m.28 views

K000148290: Moment.JS vulnerabilities CVE-2017-18214 and CVE-2022-24785

Security Advisory Description CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating,...

7.5CVSS6.4AI score0.05664EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 3:51 p.m.25 views

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...

9.8CVSS10AI score0.24928EPSS
Exploits6Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/10/17 12:0 a.m.14 views

Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98190)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98190 advisory. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm...

7.5CVSS6.7AI score0.05664EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.64 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 9:4 a.m.56 views

Security Bulletin: Vulnerability in nodejs moment.js affect Cloud Pak System [CVE-2022-24785]

Summary Vulnerability in nodejs moment.js affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafte...

7.5CVSS7.4AI score0.05664EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS6.9AI score0.05664EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/11 12:0 a.m.25 views

RHEL 8 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Moment.js: Path traversal in moment.locale CVE-2022-24785 - ansi-regex is vulnerable to Inefficient Regul...

7.5CVSS7.5AI score0.05664EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.37 views

RHEL 8 : moment.js (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Moment.js: Path traversal in moment.locale CVE-2022-24785 Note that Nessus has not tested for this issue but has...

7.8AI score0.05664EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:15 a.m.39 views

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...

7.8CVSS7.8AI score0.09905EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.32 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...

8.8CVSS7.7AI score0.0828EPSS
Exploits3References10
Rows per page
Query Builder