oss-security - CVE request: various NodeJS module vulnerabilities

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <1399944995.3095.25.camel@chianamo>
Date: Tue, 13 May 2014 09:36:35 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE;

CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660

https://nodesecurity.io/advisories

printer potential command injection on untrusted input
https://nodesecurity.io/advisories/printer_potential_command_injection
hapi file descriptor leak can cause DoS vulnerability
https://nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerability

marked multiple content injection vulnerabilities
https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities

st directory traversal
https://nodesecurity.io/advisories/st_directory_traversal

codem-transcode potential command injection in ffprobe functionality
https://nodesecurity.io/advisories/codem-transcode_command_injection
Hubot Scripts Potential command injection in email.coffee
https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee

Tomato API Admin Auth Weakness
https://nodesecurity.io/advisories/Tomato_API_Admin_Auth_Weakness

ep_imageconvert unauthenticated remote command injection
https://nodesecurity.io/advisories/ep_imageconvert_command_injection

potential command injection in libnotify.notify
https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify

-- 
bye,
pabs

http://bonedaddy.net/pabs3/

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.