80 matches found
ansi-regex security vulnerability
Ansi-Regex is a regular expression used to match ANSI escape codes. A security vulnerability exists in ansi-regex that stems from inefficient regular expression complexity...
Inefficient Regular Expression Complexity in chalk/ansi-regex
✍️ Description
It can cause a denial of service when matching crafted invalid ANSI escape codes.
🕵️♂️ Proof of Concept
// PoC.mjs
import ansiRegex from 'ansi-regex';
for (var i = 1; i <= 50000; i++) {
  var time = Date.now();
  var attackstr = "\u001B" + ";".repeat(i * 10000);
  ansiRegex().test(attackstr);
  var timecost...
PT-2021-5798
Name of the Vulnerable Software and Affected Versions: ansi-regex (affected versions not specified). Description: The issue is related to Inefficient Regular Expression Complexity, which could lead to a denial of service when parsing invalid ANSI escape codes. This can be exploited by a remote attacke...
GHSA-2V5F-23XC-V9QR ansi_up cross-site scripting vulnerability
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
Cross-site Scripting (XSS)
node-ansi-up:sid is vulnerable to cross-site scripting (XSS). ANSI escape codes can be used to create HTML hyperlinks due to insufficient URL sanitization...
DEBIAN-CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
ansi_up cross-site scripting vulnerability
Dru Nelson ansi_up is an open source application by Dru Nelson that converts text containing ANSI color escapes to HTML. A security vulnerability exists in ansi_up v4, which can be exploited to create HTML hyperlinks from ANSI escape code...
Huawei EulerOS: Security Advisory for irssi (EulerOS-SA-2019-2161)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : irssi (EulerOS-SA-2019-2161)
According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. (CVE-2018-5207) - When the channel topic...
Low: lldpad security and bug fix update
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support. Security Fixes: lldptool: improper sanitization of shell-escape codes (CVE-2018-10932). For more details about the security issues,...
lldpad security and bug fix update
An update is available for lldpad. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The lldpad packages provide the Linux user space daemon and configuration tool...
UBUNTU-CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Fedora 28 : lldpad (2018-cec7093baa)
- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...
Fedora 29 : lldpad (2018-06d56c8c9d)
- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...
Fedora 27 : lldpad (2018-e9d1ec6dbc)
- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...
CVE-2018-1000021
It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file...
[ASA-201801-12] irssi: denial of service
Arch Linux Security Advisory ASA-201801-12
==========================================
Severity: Medium
Date    : 2018-01-16
CVE-ID  : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-575
Summary...
Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205). Joseph Bisch discovered that...