
80 matches found

CNNVD
added 2021/09/17 12:0 a.m., 3 views

ansi-regex security vulnerability

Ansi-Regex is a regular expression used to match ANSI escape codes. A security vulnerability exists in ansi-regex that stems from vulnerability to inefficient regular expression complexity...

CVSS 7.8, AI score 7.2, EPSS 0.03304
Exploits 1, References 37

Huntr
added 2021/09/09 11:25 a.m., 120 views

Inefficient Regular Expression Complexity in chalk/ansi-regex

✍️ Description: It allows causing a denial of service when matching crafted invalid ANSI escape codes. 🕵️‍♂️ Proof of Concept: // PoC.mjs import ansiRegex from 'ansi-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = "\u001B"+";".repeati10000; ansiRegex.testattackstr var timecost...

CVSS 7.8, AI score 2.8, EPSS 0.03304
Exploits 1

Positive Technologies
added 2021/09/09 12:0 a.m., 8 views

PT-2021-5798

Name of the Vulnerable Software and Affected Versions: ansi-regex (affected versions not specified). Description: The issue is related to Inefficient Regular Expression Complexity, which could lead to a denial of service when parsing invalid ANSI escape codes. This can be exploited by a remote attacke...

CVSS 7.8, AI score 6.8, EPSS 0.03304
Exploits 1, References 298

OSV
added 2021/03/11 10:50 p.m., 19 views

GHSA-2V5F-23XC-V9QR ansi_up cross-site scripting vulnerability

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...

CVSS 6.1, AI score 5.7, EPSS 0.08
Exploits 1, References 4

Veracode
added 2021/03/07 5:6 p.m., 19 views

Cross-site Scripting (XSS)

node-ansi-up:sid is vulnerable to cross-site scripting (XSS). ANSI escape codes can be used to create HTML hyperlinks due to insufficient URL sanitization...

CVSS 6.1, AI score 0.7, EPSS 0.08
Exploits 1, References 3, Affected Software 1

OSV
added 2021/03/05 9:15 p.m., 4 views

DEBIAN-CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...

CVSS 6.1, AI score 5.7, EPSS 0.08
Exploits 1, References 1

UbuntuCve
added 2021/03/05 9:15 p.m., 12 views

CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...

CVSS 6.1, AI score 6.7, EPSS 0.08
Exploits 1, References 3

Debian CVE
added 2021/03/05 7:3 p.m., 22 views

CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...

CVSS 6.1, AI score 5.7, EPSS 0.08
Exploits 1

CNNVD
added 2021/03/05 12:0 a.m., 4 views

ansi_up cross-site scripting vulnerability

ansi_up is an open source application by Dru Nelson that converts text containing ANSI color escapes to HTML. A security vulnerability exists in ansi_up v4, which can be exploited to create HTML hyperlinks from ANSI escape code...

CVSS 6.1, AI score 6.6, EPSS 0.08
Exploits 1, References 4

OpenVAS
added 2020/01/23 12:0 a.m., 27 views

Huawei EulerOS: Security Advisory for irssi (EulerOS-SA-2019-2161)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 8.7, EPSS 0.02439
Exploits 0, References 2

Tenable Nessus
added 2019/11/12 12:0 a.m., 37 views

EulerOS 2.0 SP5 : irssi (EulerOS-SA-2019-2161)

According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. (CVE-2018-5207) - When the channel topic...

CVSS 9.8, AI score 8, EPSS 0.02439
Exploits 0, References 4

AlmaLinux
added 2019/11/05 6:14 p.m., 47 views

Low: lldpad security and bug fix update

The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support. Security Fixes: lldptool: improper sanitization of shell-escape codes (CVE-2018-10932). For more details about the security issues,...

CVSS 3.3, AI score 1.2, EPSS 0.01038
Exploits 0, References 1

Rockylinux
added 2019/11/05 6:14 p.m., 30 views

lldpad security and bug fix update

An update is available for lldpad. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The lldpad packages provide the Linux user space daemon and configuration tool...

CVSS 4.3, AI score 1, EPSS 0.01038
Exploits 0

OSV
added 2019/01/14 12:0 a.m., 2 views

UBUNTU-CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 6.9, EPSS 0.03807
Exploits 0, References 5

Tenable Nessus
added 2019/01/03 12:0 a.m., 35 views

Fedora 28 : lldpad (2018-cec7093baa)

- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

CVSS 4.3, AI score 4.9, EPSS 0.01038
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 24 views

Fedora 29 : lldpad (2018-06d56c8c9d)

- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

CVSS 4.3, AI score 4.9, EPSS 0.01038
Exploits 0, References 2

Tenable Nessus
added 2018/11/16 12:0 a.m., 33 views

Fedora 27 : lldpad (2018-e9d1ec6dbc)

- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

CVSS 4.3, AI score 4.9, EPSS 0.01038
Exploits 0, References 2

RedhatCVE
added 2018/02/05 5:19 a.m., 24 views

CVE-2018-1000021

It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file...

CVSS 6.8, AI score 2, EPSS 0.01081
Exploits 0, References 2

ArchLinux
added 2018/01/16 12:0 a.m., 28 views

[ASA-201801-12] irssi: denial of service

Arch Linux Security Advisory ASA-201801-12
==========================================
Severity: Medium
Date    : 2018-01-16
CVE-ID  : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-575
Summary...

CVSS 9.8, AI score 1.2, EPSS 0.02439
Exploits 0, References 11

Mageia
added 2018/01/12 7:49 p.m., 36 views

Updated irssi packages fix security vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205). Joseph Bisch discovered that...

CVSS 9.8, AI score 2.5, EPSS 0.02439
Exploits 0, References 2