Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2022-31129

Medium priority

Some fixes available 4 of 111

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

node-moment, gnucash, mediawiki, ntopng, odoo...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-moment Not affected Fixed Fixed Fixed
gnucash Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ntopng Needs evaluation Needs evaluation Needs evaluation Needs evaluation
odoo Needs evaluation Needs evaluation Not in release Not in release
omnidb Needs evaluation Needs evaluation Needs evaluation Not in release
ruby-momentjs-rails Needs evaluation Needs evaluation Needs evaluation Not in release
sabnzbdplus Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syncthing Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Vulnerable Fixed Not affected Not affected
Show all 11 packages Show less packages

CVE-2022-24785

Medium priority

Some fixes available 3 of 6

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a...

2 affected packages

node-moment, nikola

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-moment Not affected Fixed Fixed Fixed
nikola
Show less packages

CVE-2017-18214

Low priority

Some fixes available 1 of 2

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

1 affected package

node-moment

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-moment Not affected Not affected Not affected
Show less packages

CVE-2016-4055

Medium priority

Some fixes available 1 of 4

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

1 affected package

node-moment

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-moment Not affected Not affected Not affected
Show less packages