27 matches found
Denial of Service (DoS)
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Denial of Service DoS. Vulnerable version of libxml2 was used. The fix to this updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 -...
MGASA-2021-0063 Updated ruby-nokogiri packages fix security vulnerabilities
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...
Ubuntu: Security Advisory (USN-4175-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1933-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1933-1] ruby-nokogiri security update
Package : ruby-nokogiri Version : 1.6.3.1+ds-1+deb8u1 CVE ID : CVE-2019-5477 A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Rubys Kernel.open method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend th...
Debian DLA-1933-1 : ruby-nokogiri security update
A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's Kernel.open method. For Debian 8 'Jessie', this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend that you upgrade your ruby-nokogiri packages. NOTE: Tenable Network Security h...
DLA-1933-1 ruby-nokogiri - security update
Bulletin has no description...