RubySecRUBY:NOKOGIRI-2016-4658

HistoryMar 10, 2017 - 9:00 p.m.

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2017-03-1021:00:00

RubySec

rubysec.com

Nokogiri version 1.7.1 has been released, pulling in several upstream
patches to the vendored libxml2 to address the following CVEs:

CVE-2016-4658
CVSS v3 Base Score: 9.8 (Critical)
libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
watchOS before 3 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted XML document.

CVE-2016-5131
CVSS v3 Base Score: 8.8 (HIGH)
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google
Chrome before 52.0.2743.82, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors related to
the XPointer range-to function.

CPENameOperatorVersion
nokogirilt1.7.1

CPE	Name	Operator	Version
	nokogiri	lt	1.7.1

References

github.com/sparklemotion/nokogiri/issues/1615

debian 5

nessus 61

archlinux 2

openvas 37

veracode 3

osv 3

cloudfoundry 1

ubuntu 2

github 1

ibm 22

cloudlinux 1

oraclelinux 2

prion 2

debiancve 2

f5 2

redhatcve 1

cve 2

redhat 9

ubuntucve 2

centos 2

alpinelinux 1

fedora 4

amazon 3

altlinux 3

mageia 1

gentoo 2

apple 8

rosalinux 1

threatpost 1

suse 7

kaspersky 1

freebsd 1

chrome 1

androidsecurity 2

tenable 1

debian

[SECURITY] [DSA 3744-1] libxml2 security update

2016-12-23 18:31:42

[SECURITY] [DSA 3744-1] libxml2 security update

2016-12-23 18:31:42

[SECURITY] [DLA 691-1] libxml2 security update

2016-10-31 17:09:55

nessus

Debian DSA-3744-1 : libxml2 - security update

2016-12-27 00:00:00

Debian DLA-691-1 : libxml2 security update

2016-11-01 00:00:00

Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-3235-1)

2017-03-17 00:00:00

archlinux

[ASA-201611-2] libxml2: arbitrary code execution

2016-11-01 00:00:00

chromium: multiple issues

2016-07-24 00:00:00

openvas

Debian Security Advisory DSA 3744-1 (libxml2 - security update)

2016-12-23 00:00:00

Debian: Security Advisory (DLA-691-1)

2023-03-08 00:00:00

Debian: Security Advisory (DSA-3744-1)

2016-12-22 00:00:00

veracode

Copy-Paste Vulnerability (CPV) Through Libxml2

2017-03-23 01:10:27

Use-after Free

2020-04-01 00:39:15

Remote Code Execution (RCE)

2018-05-23 05:14:44

osv

libxml2 - security update

2016-10-31 00:00:00

Nokogiri does not forbid namespace nodes in XPointer ranges

2018-08-21 19:03:26

chromium-browser - security update

2016-07-31 00:00:00

cloudfoundry

USN-3235-1: libxml2 vulnerabilities | Cloud Foundry

2017-03-31 00:00:00

ubuntu

libxml2 vulnerabilities

2017-03-16 00:00:00

Oxide vulnerabilities

2016-08-05 00:00:00

github

Nokogiri does not forbid namespace nodes in XPointer ranges

2018-08-21 19:03:26

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution due to [CVE-2016-4658]

2022-11-03 17:03:31

Security Bulletin: IBM QRadar Network Security is affected by an arbitrary code execution vulnerability (CVE-2016-4658)

2022-03-31 03:36:56

Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM)

2023-04-14 14:32:25

cloudlinux

libxml2: Fix of CVE-2016-4658

2023-11-07 18:21:51

oraclelinux

libxml2 security update

2021-10-13 00:00:00

libxml2 security update

2020-04-06 00:00:00

prion

Memory corruption

2016-09-25 10:59:00

Design/Logic Flaw

2016-07-23 19:59:00

debiancve

CVE-2016-4658

2016-09-25 10:59:00

CVE-2016-5131

2016-07-23 19:59:00

K49419538 : libxml2 vulnerability CVE 2016-4658

2022-04-05 00:00:00

K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

2022-02-15 00:00:00

redhatcve

CVE-2016-4658

2016-10-13 09:47:26

cve

CVE-2016-4658

2016-09-25 10:59:00

CVE-2016-5131

2016-07-23 19:59:00

redhat

(RHSA-2021:3810) Moderate: libxml2 security update

2021-10-12 13:23:35

(RHSA-2020:1190) Moderate: libxml2 security update

2020-03-31 09:30:25

(RHSA-2016:1485) Important: chromium-browser security update

2016-07-26 05:05:36

ubuntucve

CVE-2016-4658

2016-09-25 00:00:00

CVE-2016-5131

2016-07-23 00:00:00

centos

libxml2 security update

2021-11-17 14:46:50

libxml2 security update

2020-04-08 18:42:56

alpinelinux

CVE-2016-5131

2016-07-23 19:59:00

fedora

[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26

2018-02-14 17:11:02

[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27

2018-01-30 18:12:24

[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25

2017-04-19 09:32:17

amazon

Medium: libxml2

2019-09-30 22:47:00

Important: libxml2

2020-08-10 22:59:00

Important: libxml2

2020-07-21 16:34:00

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-07 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

mageia

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

2018-01-03 18:50:51

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

Chromium: Multiple vulnerabilities

2016-10-29 00:00:00

apple

About the security content of watchOS 3 - Apple Support

2020-07-27 08:13:37

About the security content of watchOS 3

2016-09-13 00:00:00

About the security content of tvOS 10

2016-09-13 00:00:00

rosalinux

Advisory ROSA-SA-2021-1905

2021-07-02 17:25:35

threatpost

Google Fixes 48 Bugs, Sandbox Escape, in Chrome

2016-07-21 17:04:50

suse

Security update for Chromium (important)

2016-07-25 15:10:08

Security update for Chromium (important)

2016-07-31 21:08:18

Security update for Chromium (important)

2016-07-25 15:10:21

kaspersky

KLA10846 Multiple vulnerabilities in Google Chrome

2016-07-20 00:00:00

freebsd

chromium -- multiple vulnerabilities

2016-07-20 00:00:00

chrome

Stable Channel Update

2016-07-20 00:00:00

androidsecurity

Android Security Bulletin—June 2017

2017-06-05 00:00:00

Android Security Bulletin—May 2017

2017-05-01 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:NOKOGIRI-2016-4658