VYPR

rpm package

opensuse/rubygem-nokogiri&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweed

Vulnerabilities (44)

  • CVE-2015-7995Nov 17, 2015
    affected < 1.6.8.1-1.3fixed 1.6.8.1-1.3

    The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

  • CVE-2015-1819Aug 14, 2015
    affected < 1.6.8.1-1.3fixed 1.6.8.1-1.3

    The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

  • CVE-2014-0191Jan 21, 2015
    affected < 1.6.8.1-1.3fixed 1.6.8.1-1.3

    The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitutio

  • CVE-2013-2877Jul 10, 2013
    affected < 1.6.8.1-1.3fixed 1.6.8.1-1.3

    parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Page 3 of 3