Date: Tue, 13 May 2014 09:36:35 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE:

CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660

https://nodesecurity.io/advisories

printer potential command injection on untrusted input
https://nodesecurity.io/advisories/printer_potential_command_injection

hapi file descriptor leak can cause DoS vulnerability
https://nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerability

marked multiple content injection vulnerabilities
https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities

st directory traversal
https://nodesecurity.io/advisories/st_directory_traversal

codem-transcode potential command injection in ffprobe functionality
https://nodesecurity.io/advisories/codem-transcode_command_injection

Hubot Scripts Potential command injection in email.coffee
https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee

Tomato API Admin Auth Weakness
https://nodesecurity.io/advisories/Tomato_API_Admin_Auth_Weakness

ep_imageconvert unauthenticated remote command injection
https://nodesecurity.io/advisories/ep_imageconvert_command_injection

potential command injection in libnotify.notify
https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify

-- 
bye,
pabs

http://bonedaddy.net/pabs3/
