| CVE-2019-11068 |
critical |
9.8 |
9.8 |
|
|
|
7y ago |
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a… |
| CVE-2016-4658 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Nokogiri does not forbid namespace nodes in XPointer ranges |
| CVE-2019-5815 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in chromium |
| CVE-2017-15412 |
critical |
— |
9.5 |
|
|
|
8y ago |
multiple issues in chromium |
| CVE-2021-3517 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2021-3537 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2021-3518 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2020-7595 |
medium |
— |
5.5 |
|
|
|
6y ago |
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation |
| CVE-2017-18258 |
medium |
— |
5.5 |
|
|
|
8y ago |
Uncontrolled resource consumption in nokogiri |
| CVE-2019-13118 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … |
| CVE-2019-13117 |
medium |
5.3 |
5.3 |
|
|
|
7y ago |
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… |
| CVE-2015-7499 |
medium |
— |
5.0 |
|
|
|
11y ago |
Heap-based buffer overflow in nokogiri |
| CVE-2015-1819 |
medium |
— |
5.0 |
|
|
|
11y ago |
Nokogiri vulnerable to libxml XML Entity Expansion |