Lucene search
K

27 matches found

Snyk
Snyk
added 2021/05/17 8:52 p.m.2 views

Denial of Service (DoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Denial of Service DoS. Vulnerable version of libxml2 was used. The fix to this updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 -...

8.8CVSS7.1AI score0.0828EPSS
Exploits1References2
OSV
OSV
added 2021/02/04 1:40 p.m.7 views

MGASA-2021-0063 Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...

9.8CVSS7AI score0.05899EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/11/06 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-4175-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.05899EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/09/27 12:0 a.m.111 views

Debian: Security Advisory (DLA-1933-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.05899EPSS
Exploits0References3
Debian
Debian
added 2019/09/26 1:54 a.m.155 views

[SECURITY] [DLA 1933-1] ruby-nokogiri security update

Package : ruby-nokogiri Version : 1.6.3.1+ds-1+deb8u1 CVE ID : CVE-2019-5477 A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Rubys Kernel.open method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend th...

9.8CVSS9.8AI score0.05899EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/26 12:0 a.m.33 views

Debian DLA-1933-1 : ruby-nokogiri security update

A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's Kernel.open method. For Debian 8 'Jessie', this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend that you upgrade your ruby-nokogiri packages. NOTE: Tenable Network Security h...

9.8CVSS7.9AI score0.05899EPSS
Exploits0References3
OSV
OSV
added 2019/09/26 12:0 a.m.18 views

DLA-1933-1 ruby-nokogiri - security update

Bulletin has no description...

9.8CVSS8.9AI score0.05899EPSS
Exploits0
Rows per page
Query Builder