Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/09 1:15 p.m.49 views

Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)

Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...

7.3AI score0.08309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.24 views

Security Bulletin: Current Release of IBM® SDK for Node.js™ is affected by CVE-2014-7191

Summary Node.js qs denial-of-service vulnerability. Vulnerability Details CVE-ID: CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the qs module when parsing a string representing a deeply nested object. An attacker could exploit this vulnerability to...

5CVSS0.7AI score0.08309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.26 views

Security Bulletin: Multiple vulnerabilities in modules from the IBM SDK for Node.js affect the Cordova tools packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux (CVE-2014-7191 and CVE-2014-7192)

Summary Security vulnerabilities have been discovered in the syntax-error and qs modules packaged in the IBM SDK for Node.js and Cordova platform packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux. The fix upgrades IBM SDK for Node.js to...

10CVSS0.6AI score0.13441EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:1 a.m.28 views

Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191)

Summary Security vulnerabilities have been reported for some dependent Node.js modules. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability Details CVE-ID: CVE-2014-6394 Description:...

7.5CVSS0.3AI score0.08309EPSS
Exploits1Affected Software3
RedHat Linux
RedHat Linux
added 2016/07/05 6:25 a.m.36 views

Moderate: Red Hat Security Advisory: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update

An update for nodejs010-node-gyp and nodejs010-nodejs-qs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5CVSS7AI score0.08309EPSS
Exploits0References3
NVD
NVD
added 2014/10/19 1:55 a.m.14 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS8.3AI score0.08309EPSS
Exploits0References10
OSV
OSV
added 2014/10/19 1:55 a.m.8 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

6.4AI score
Exploits0References10
OSV
OSV
added 2014/10/19 1:55 a.m.3 views

UBUNTU-CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7.1AI score0.08309EPSS
Exploits0References4
CVE
CVE
added 2014/10/19 1:0 a.m.85 views

CVE-2014-7191

CVE-2014-7191 affects the qs module in Node.js, where the qs parser fails to compact third-party array data, enabling memory exhaustion under crafted deeply-nested inputs (DoS). Public IBM advisories map the vulnerability to IBM Security Verify Governance (and related tools) and to Cordova-based ...

5CVSS6.4AI score0.08309EPSS
Exploits0References10Affected Software1
OpenVAS
OpenVAS
added 2014/10/07 12:0 a.m.25 views

Fedora Update for nodejs-qs FEDORA-2014-11376

Check the version of nodejs-qs SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868364";...

5CVSS8.7AI score0.08309EPSS
Exploits0References2
Rows per page
Query Builder