
8 matches found

Tenable Nessus
added 2022/10/12 12:0 a.m. | 28 views

Debian dla-3150 : rexical - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3150 advisory. Debian LTS Advisory DLA-3150-1 [email protected] https://www.debian.org/lts/security/...

9.8 CVSS | 8 AI score | 0.05899 EPSS
Exploits 0 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 23 views

Mageia: Security Advisory (MGASA-2021-0063)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7 AI score | 0.05899 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2021/02/08 12:0 a.m. | 29 views

openSUSE Security Update : rubygem-nokogiri (openSUSE-2021-237)

This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). This update...

9.8 CVSS | 6.9 AI score | 0.05899 EPSS
Exploits 0 | References 5

Mageia
added 2021/02/04 1:40 p.m. | 60 views

Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename...

9.8 CVSS | 8 AI score | 0.05899 EPSS
Exploits 0 | References 3

OSV
added 2021/02/04 1:40 p.m. | 6 views

MGASA-2021-0063 Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename...

9.8 CVSS | 7 AI score | 0.05899 EPSS
Exploits 0 | References 4

Debian
added 2019/09/26 1:54 a.m. | 109 views

[SECURITY] [DLA 1933-1] ruby-nokogiri security update

Package: ruby-nokogiri. Version: 1.6.3.1+ds-1+deb8u1. CVE ID: CVE-2019-5477. A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's Kernel.open method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend th...

9.8 CVSS | 9.8 AI score | 0.05899 EPSS
Exploits 0

Cvelist
added 2019/08/16 12:0 a.m. | 36 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

9.6 AI score | 0.05899 EPSS
Exploits 0 | References 8

CVE
added 2019/08/16 12:0 a.m. | 357 views

CVE-2019-5477

CVE-2019-5477 affects Nokogiri up to v1.10.3, where a command injection could occur if Ruby’s Kernel.open is used on an unsafe filename produced by Nokogiri::CSS::Tokenizer#load_file. Rexical v1.0.6 and earlier generate the problematic code; the issue was addressed when Rexical v1.0.7 and Nokogir...

9.8 CVSS | 9.4 AI score | 0.05899 EPSS
Exploits 0 | References 8 | Affected Software 1