Date: Tue, 13 May 2014 09:36:35 +0800 From: Paul Wise <pabs3@...edaddy.net> To: oss-security@...ts.openwall.com, contact@...tsecurity.io Subject: CVE request: various NodeJS module vulnerabilities Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE; CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660 https://nodesecurity.io/advisories printer potential command injection on untrusted input https://nodesecurity.io/advisories/printer_potential_command_injection hapi file descriptor leak can cause DoS vulnerability https://nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerability marked multiple content injection vulnerabilities https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities st directory traversal https://nodesecurity.io/advisories/st_directory_traversal codem-transcode potential command injection in ffprobe functionality https://nodesecurity.io/advisories/codem-transcode_command_injection Hubot Scripts Potential command injection in email.coffee https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee Tomato API Admin Auth Weakness https://nodesecurity.io/advisories/Tomato_API_Admin_Auth_Weakness ep_imageconvert unauthenticated remote command injection https://nodesecurity.io/advisories/ep_imageconvert_command_injection potential command injection in libnotify.notify https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify -- bye, pabs http://bonedaddy.net/pabs3/ [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ