121 matches found
Astra Linux – Vulnerability in node-moment
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects users of Moment.js on npm server versions between 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch the moment locale...
EUVD-2022-1677
Malicious code in bioql PyPI...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1
Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...
Security Bulletin: Vulnerability in moment.js affects IBM Integrated Analytics System [CVE-2022-31129]
Summary The moment.js package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-31129. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: moment is a JavaScript date library for parsing, validating, manipulating, and formatti...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)
Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...
Linux Distros Unpatched Vulnerability : CVE-2022-24785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of...
Security Bulletin: Multiple Vulnerabilities in moment.js used by IBM Jazz Reporting Service (JRS) (CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2022-31129)
Summary There are multiple vulnerabilities identified in IBM Jazz Reporting Service JRS. These vulnerabilities have been fixed. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse...
K000148290: Moment.JS vulnerabilities CVE-2017-18214 and CVE-2022-24785
Security Advisory Description CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating,...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...
Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98190)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98190 advisory. - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Security Bulletin: Vulnerability in nodejs moment.js affect Cloud Pak System [CVE-2022-24785]
Summary Vulnerability in nodejs moment.js affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafte...
VulnCheck KEV: CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
RHEL 8 : ceph (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Moment.js: Path traversal in moment.locale CVE-2022-24785 - ansi-regex is vulnerable to Inefficient Regul...
RHEL 8 : moment.js (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Moment.js: Path traversal in moment.locale CVE-2022-24785 Note that Nessus has not tested for this issue but has...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...