VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / nokogiri

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-11068 critical 9.8 9.8 7y ago libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a… susedebianubuntufedora+2
CVE-2016-4658 critical 9.8 9.8 9y ago Nokogiri does not forbid namespace nodes in XPointer ranges susearchdebianmacos+1
CVE-2019-5815 critical 9.5 4y ago multiple issues in chromium archdebianruby
CVE-2017-15412 critical 9.5 8y ago multiple issues in chromium archsusedebianruby
CVE-2017-5029 high 8.8 8.8 9y ago multiple issues in chromium archsusedebianredhat+4
CVE-2022-24836 high 8.0 4y ago Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… rockylinuxsusedebianruby
CVE-2018-25032 high 8.0 4y ago Important: mingw-zlib security update rockylinuxredhatarchsuse+2
CVE-2021-30560 high 8.0 4y ago arbitrary code execution in chromium archdebiansuseruby
CVE-2021-41098 high 8.0 5y ago Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… archdebianruby
CVE-2019-18197 high 7.5 7.5 4y ago In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds ch… archsusedebianlinux+2
CVE-2017-16932 high 7.5 7.5 8y ago Nokogiri gem, via libxml, is affected by DoS vulnerabilities susedebianruby
CVE-2017-9050 high 7.5 7.5 9y ago Out-of-bounds read in nokogiri susedebianruby
CVE-2015-8806 high 7.5 7.5 10y ago Denial of service or RCE from libxml2 and libxslt susedebianubunturuby
CVE-2015-5312 high 7.1 11y ago Nokogiri subject to DoS via libxml2 vulnerability debianubunturedhatmacos+2
CVE-2021-3537 medium 5.5 4y ago Moderate: libxml2 security update archsuserockylinuxdebian+1
CVE-2021-3518 medium 5.5 4y ago Moderate: libxml2 security update archsuserockylinuxdebian+1
CVE-2021-3517 medium 5.5 4y ago Moderate: libxml2 security update archsuserockylinuxdebian+1
CVE-2020-7595 medium 5.5 6y ago libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation archsusedebianruby
CVE-2017-18258 medium 5.5 8y ago Uncontrolled resource consumption in nokogiri archsusedebianruby
CVE-2019-13118 medium 5.3 5.3 4y ago In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … susedebianfedoraubuntu+3
CVE-2019-13117 medium 5.3 5.3 7y ago In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… susedebianubuntufedora+2
CVE-2015-7499 medium 5.0 11y ago Heap-based buffer overflow in nokogiri debianubunturedhatmacos+3
CVE-2015-1819 medium 5.0 11y ago Nokogiri vulnerable to libxml XML Entity Expansion debianredhatubuntususe+3
CVE-2022-23437 unknown 4y ago Infinite Loop in Apache Xerces Java susedebianrubyjava
CVE-2022-24839 unknown 4y ago org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption susedebianrubyjava