VYPR

rpm package

opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweed

Vulnerabilities (44)

  • CVE-2023-29469MedApr 24, 2023
    affected < 1.15.4-1.1fixed 1.15.4-1.1

    An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there

  • CVE-2022-23476HigDec 8, 2022
    affected < 1.15.4-1.1fixed 1.15.4-1.1

    Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid

  • CVE-2022-34169HigJul 19, 2022
    affected < 1.15.4-1.1fixed 1.15.4-1.1

    The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update t

  • CVE-2022-29181HigMay 20, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memor

  • CVE-2022-29824MedMay 3, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software usin

  • CVE-2022-24839HigApr 11, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `or

  • CVE-2022-24836HigApr 11, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. Ther

  • CVE-2018-25032HigMar 25, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

  • CVE-2022-23308HigFeb 26, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

  • CVE-2022-23437MedJan 24, 2022
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerabili

  • CVE-2021-41098HigSep 27, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of thes

  • CVE-2021-30560HigAug 3, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-3541MedJul 9, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

  • CVE-2021-3516HigJun 1, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

  • CVE-2021-3517HigMay 19, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely

  • CVE-2021-3518HigMay 18, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

  • CVE-2021-3537MedMay 14, 2021
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat

  • CVE-2020-24977MedSep 4, 2020
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

  • CVE-2020-7595HigJan 21, 2020
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

  • CVE-2019-20388HigJan 21, 2020
    affected < 1.13.9-1.7fixed 1.13.9-1.7

    xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Page 1 of 3