10 matches found
Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)
Summary: As per the BlackDuck Scan, there is one package, qs (QueryString), which is vulnerable in the Service Portal. The qs (QueryString) package comes from multer modules installed as an npm package. Vulnerability Details: CVEID: CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...
Security Bulletin: Current Release of IBM® SDK for Node.js™ is affected by CVE-2014-7191
Summary: Node.js qs denial-of-service vulnerability. Vulnerability Details: CVE-ID: CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the qs module when parsing a string representing a deeply nested object. An attacker could exploit this vulnerability to...
Security Bulletin: Multiple vulnerabilities in modules from the IBM SDK for Node.js affect the Cordova tools packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux (CVE-2014-7191 and CVE-2014-7192)
Summary: Security vulnerabilities have been discovered in the syntax-error and qs modules packaged in the IBM SDK for Node.js and Cordova platform packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux. The fix upgrades IBM SDK for Node.js to...
Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191)
Summary: Security vulnerabilities have been reported for some dependent Node.js modules. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability Details: CVE-ID: CVE-2014-6394 Description:...
Moderate: Red Hat Security Advisory: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
An update for nodejs010-node-gyp and nodejs010-nodejs-qs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2014-7191
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
CVE-2014-7191
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
UBUNTU-CVE-2014-7191
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
CVE-2014-7191
CVE-2014-7191 affects the qs module in Node.js, where the qs parser fails to compact third-party array data, enabling memory exhaustion under crafted deeply-nested inputs (DoS). Public IBM advisories map the vulnerability to IBM Security Verify Governance (and related tools) and to Cordova-based ...
Fedora Update for nodejs-qs FEDORA-2014-11376
Check the version of nodejs-qs. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868364");...