Date: Tue, 13 May 2014 09:36:35 +0800 From: Paul Wise <pabs3@...edaddy.net> To: oss-security@...ts.openwall.com, contact@...tsecurity.io Subject: CVE request: various NodeJS module vulnerabilities Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE; CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660 https://nodesecurity.io/advisories printer potential command injection on untrusted input https://nodesecurity.io/advisories/printer_potential_command_injection hapi file descriptor leak can cause DoS vulnerability https://nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerability marked multiple content injection vulnerabilities https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities st directory traversal https://nodesecurity.io/advisories/st_directory_traversal codem-transcode potential command injection in ffprobe functionality https://nodesecurity.io/advisories/codem-transcode_command_injection Hubot Scripts Potential command injection in email.coffee https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee Tomato API Admin Auth Weakness https://nodesecurity.io/advisories/Tomato_API_Admin_Auth_Weakness ep_imageconvert unauthenticated remote command injection https://nodesecurity.io/advisories/ep_imageconvert_command_injection potential command injection in libnotify.notify https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify -- bye, pabs http://bonedaddy.net/pabs3/ Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.