Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:NOKOGIRI-2015-5312
HistoryDec 14, 2015 - 9:00 p.m.

Nokogiri gem contains several vulnerabilities in libxml2

2015-12-1421:00:00
RubySec
rubysec.com
12
JSON

Nokogiri version 1.6.7.1 has been released, pulling in several upstream
patches to the vendored libxml2 to address the following CVEs:

CVE-2015-5312
CVSS v2 Base Score: 7.1 (HIGH)
The xmlStringLenDecodeEntities function in parser.c in libxml2
before 2.9.3 does not properly prevent entity expansion, which
allows context-dependent attackers to cause a denial of
service (CPU consumption) via crafted XML data, a different
vulnerability than CVE-2014-3660.

CVE-2015-7497
CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlDictComputeFastQKey
function in dict.c in libxml2 before 2.9.3 allows
context-dependent attackers to cause a denial of service via
unspecified vectors.

CVE-2015-7498
CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlParseXmlDecl function in
parser.c in libxml2 before 2.9.3 allows context-dependent
attackers to cause a denial of service via unspecified vectors
related to extracting errors after an encoding conversion
failure.

CVE-2015-7499
CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlGROW function in parser.c
in libxml2 before 2.9.3 allows context-dependent attackers to
obtain sensitive process memory information via unspecified
vectors.

CVE-2015-7500
CVSS v2 Base Score: 5.0 (MEDIUM)
The xmlParseMisc function in parser.c in libxml2 before 2.9.3
allows context-dependent attackers to cause a denial of
service (out-of-bounds heap read) via unspecified vectors
related to incorrect entities boundaries and start tags.

CVE-2015-8241
CVSS v2 Base Score: 6.4 (MEDIUM)
The xmlNextChar function in libxml2 2.9.2 does not properly
check the state, which allows context-dependent attackers to
cause a denial of service (heap-based buffer over-read and
application crash) or obtain sensitive information via crafted
XML data.

CVE-2015-8242
CVSS v2 Base Score: 5.8 (MEDIUM)
The xmlSAX2TextNode function in SAX2.c in the push interface in
the HTML parser in libxml2 before 2.9.3 allows
context-dependent attackers to cause a denial of
service (stack-based buffer over-read and application crash) or
obtain sensitive information via crafted XML data.

CVE-2015-8317
CVSS v2 Base Score: 5.0 (MEDIUM)
The xmlParseXMLDecl function in parser.c in libxml2 before
2.9.3 allows context-dependent attackers to obtain sensitive
information via an (1) unterminated encoding value or (2)
incomplete XML declaration in XML data, which triggers an
out-of-bounds heap read.

CPENameOperatorVersion
nokogirilt1.6.0
nokogirilt1.6.7.1

Related

cloudfoundry 1
nessus 39
ubuntu 1
openvas 24
mageia 1
f5 3
veracode 13
ibm 13
osv 40
debian 6
oraclelinux 3
centos 2
redhat 4
amazon 3
freebsd 1
archlinux 1
fedora 4
prion 9
cve 9
debiancve 8
github 2
ubuntucve 9
gentoo 1
suse 1
securityvulns 1
cloudfoundry
cloudfoundry
USN-2834-1 libxml2 vulnerability | Cloud Foundry
2016-01-07 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-2834-1)
2015-12-15 00:00:00
RHEL 6 : libxml2 (RHSA-2015:2549)
2015-12-08 00:00:00
F5 Networks BIG-IP : Multiple libXML2 vulnerabilities (K61570943)
2016-02-16 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2015-12-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2834-1)
2015-12-15 00:00:00
Mageia: Security Advisory (MGASA-2015-0457)
2015-11-27 00:00:00
Oracle: Security Advisory (ELSA-2015-2549)
2015-12-08 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2015-11-26 23:47:39
f5
f5
K61570943 : Multiple libXML2 vulnerabilities
2016-02-15 00:00:00
K15872 : libxml2 vulnerability CVE-2014-3660
2015-09-16 00:00:00
SOL15872 - libxml2 vulnerability CVE-2014-3660
2014-12-04 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:51:46
Denial Of Service (DoS)
2019-05-02 05:51:46
Denial Of Service (DoS)
2019-05-02 05:51:46
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM Security Network Protection
2018-06-16 21:39:19
Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways
2021-06-08 22:18:27
Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM
2018-06-18 01:30:43
osv
osv
libxml2 - security update
2015-12-26 00:00:00
CVE-2016-9597
2018-07-30 14:29:02
Nokogiri subject to DoS via libxml2 vulnerability
2018-08-21 19:03:04
debian
debian
[SECURITY] [DLA 373-1] libxml2 security update
2015-12-26 13:08:39
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
oraclelinux
oraclelinux
libxml2 security update
2015-12-07 00:00:00
libxml2 security update
2015-12-07 00:00:00
libxml2 security update
2014-11-20 00:00:00
centos
centos
libxml2 security update
2015-12-07 13:26:33
libxml2 security update
2015-12-07 20:38:05
redhat
redhat
(RHSA-2015:2549) Moderate: libxml2 security update
2015-12-07 00:00:00
(RHSA-2015:2550) Moderate: libxml2 security update
2015-12-07 10:04:33
(RHSA-2014:1655) Moderate: libxml2 security update
2014-10-16 00:00:00
amazon
amazon
Medium: libxml2
2015-12-14 10:00:00
Medium: libxml2
2019-05-29 19:14:00
Medium: libxml2
2014-11-11 10:26:00
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2015-11-20 00:00:00
archlinux
archlinux
libxml2: multiple issues
2015-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22
2015-11-30 23:26:43
[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23
2015-11-26 21:01:32
[SECURITY] Fedora 19 Update: libxml2-2.9.1-2.fc19
2014-11-22 12:42:36
prion
prion
Code injection
2015-12-15 21:59:00
Heap overflow
2015-12-15 21:59:00
Heap overflow
2015-12-15 21:59:00
cve
cve
CVE-2015-5312
2015-12-15 21:59:00
CVE-2015-7498
2015-12-15 21:59:00
CVE-2015-8317
2015-12-15 21:59:00
debiancve
debiancve
CVE-2015-5312
2015-12-15 21:59:00
CVE-2015-8317
2015-12-15 21:59:00
CVE-2015-7497
2015-12-15 21:59:00
github
github
Nokogiri subject to DoS via libxml2 vulnerability
2018-08-21 19:03:04
Heap-based buffer overflow in nokogiri
2018-09-17 21:57:38
ubuntucve
ubuntucve
CVE-2015-5312
2015-11-26 00:00:00
CVE-2015-8241
2015-11-18 00:00:00
CVE-2015-8317
2015-11-23 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
suse
suse
Security update for sles12-docker-image (important)
2016-03-16 15:28:52
securityvulns
securityvulns
libxml DoS
2014-10-27 00:00:00
JSON
Related for RUBY:NOKOGIRI-2015-5312
cloudfoundry1nessus39ubuntu1openvas24mageia1f53veracode13ibm13osv40debian6oraclelinux3centos2redhat4amazon3freebsd1archlinux1fedora4prion9cve9debiancve8github2ubuntucve9gentoo1suse1securityvulns1