8 matches found
EUVD-2025-176332
Malicious code in slow-data-moon-object-serialize npm...
Malicious code in slow-data-moon-object-serialize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1c49854e181d4118e50a6f9910fd6b567e67cd382a7ff14982b0a228063d3a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
SUSE CVE-2024-39920
The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system to any server, when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the...
PT-2024-28734 · Tcp · Tcp
Name of the Vulnerable Software and Affected Versions: TCP protocol affected versions not specified Description: The issue is related to a timing side channel in the TCP protocol, making it easier for remote attackers to infer the content of one TCP connection from a client system to any server...
SUSE CVE-2017-15268
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c...
CVE-2017-15268
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c...
Memory corruption
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c...