24 matches found
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Allocation of Resources Without Limits CVE-2025-15284
Summary qs is used by the IBM Datapower Operations Dashboard to parse URL query strings in Node.js Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in qs (CVE-2025-15284, CVE-2026-2391)
Summary Multiple vulnerabilities in the qs query string parsing library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 6.14.2. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...
linux-sgx security update
An update is available for linux-sgx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intel SGX SDK is a collection of APIs, libraries, documentations and...
Important: Red Hat Security Advisory: linux-sgx security update
An update for linux-sgx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Security Bulletin: Vulnerability in qs bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging include the qs library, which is vulnerable to a Denial of Service DoS due to improper input validation. The arrayLimit option in the library failed to enforce limits specifically for bracket notation a=1, allowing the creation of...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses qs-6.13.0.tgz, qs-6.14.0.tgz, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2025-15284, CVE-2026-2391, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information regardin...
Security Bulletin: DevOps Test Performance and Rational Performance Tester contains a vulnerabilty related to use of the qs library
Summary Due to use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerabiity. CVE-2025-15284 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)
Summary A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option...
Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284
Summary A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Input Validation due to node module qs (CVE-2025-15284)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improper Input Validation due to node module qs. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...
Security Bulletin: A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL 8.3 on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284.
Summary IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit option in qs does not enforce...
Security Bulletin: Vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-15284)
Summary There are 2 vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-15284. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...
Fedora 43 : linux-sgx (2026-a84e0ad039)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a84e0ad039 advisory. Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override...
Security Bulletin: Reliability Strategies was using vulnerable library
Summary Reliability Strategies was using vulnerable library qs-6.13.0 which are vulnerable to CVE-2025-15284 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit...
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary The IBM Maximo Application Suite AI-Service component uses"base-x-4.0.0.tgz, body-parser-1.20.2.tgz, cross-spawn-7.0.3.tgz, glob-10.4.2.tgz, path-to-regexp-0.1.7.tgz, qs-6.13.0.tgz, qs-6.14.0.tgz, qs-6.5.3.tgz, urllib3-2.6.2-py3-none-any.whl" which are vulnerable to "CVE-2025-27611,...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
1k-utils (>=2.1.0 <=2.2.3), 22ndtech-angular-lib (>=0.0.7 <=0.0.57) +8828 more potentially affected by CVE-2025-15284 via qs (>=6.0.0 <=6.14.0)
qs NPM version =6.0.0, =2.1.0, =0.0.7, =0.2.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1-beta.1, =1.7.1-next.1, =0.0.1-alpha.3, =0.0.1-alpha.9, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-alpha.2 and more Source cves: CVE-2025-15284 Source advisory: SNYK:JS-QS-14724253...