Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 May 2014 09:36:35 +0800
From: Paul Wise <>
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE;

CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660

printer potential command injection on untrusted input
hapi file descriptor leak can cause DoS vulnerability

marked multiple content injection vulnerabilities

st directory traversal

codem-transcode potential command injection in ffprobe functionality
Hubot Scripts Potential command injection in

Tomato API Admin Auth Weakness

ep_imageconvert unauthenticated remote command injection

potential command injection in libnotify.notify


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.