| CVE-2019-11068 |
critical |
9.8 |
9.8 |
|
|
|
7y ago |
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a… |
| CVE-2016-4658 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Nokogiri does not forbid namespace nodes in XPointer ranges |
| CVE-2019-5815 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in chromium |
| CVE-2017-15412 |
critical |
— |
9.5 |
|
|
|
8y ago |
multiple issues in chromium |
| CVE-2017-5029 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
multiple issues in chromium |
| CVE-2022-24836 |
high |
— |
8.0 |
|
|
|
4y ago |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… |
| CVE-2018-25032 |
high |
— |
8.0 |
|
|
|
4y ago |
Important: mingw-zlib security update |
| CVE-2021-30560 |
high |
— |
8.0 |
|
|
|
4y ago |
arbitrary code execution in chromium |
| CVE-2021-41098 |
high |
— |
8.0 |
|
|
|
5y ago |
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… |
| CVE-2019-18197 |
high |
7.5 |
7.5 |
|
|
|
4y ago |
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds ch… |
| CVE-2017-16932 |
high |
7.5 |
7.5 |
|
|
|
8y ago |
Nokogiri gem, via libxml, is affected by DoS vulnerabilities |
| CVE-2017-9050 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Out-of-bounds read in nokogiri |
| CVE-2015-8806 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service or RCE from libxml2 and libxslt |
| CVE-2015-5312 |
high |
— |
7.1 |
|
|
|
11y ago |
Nokogiri subject to DoS via libxml2 vulnerability |
| CVE-2021-3537 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2021-3518 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2021-3517 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: libxml2 security update |
| CVE-2020-7595 |
medium |
— |
5.5 |
|
|
|
6y ago |
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation |
| CVE-2017-18258 |
medium |
— |
5.5 |
|
|
|
8y ago |
Uncontrolled resource consumption in nokogiri |
| CVE-2019-13118 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … |
| CVE-2019-13117 |
medium |
5.3 |
5.3 |
|
|
|
7y ago |
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… |
| CVE-2015-7499 |
medium |
— |
5.0 |
|
|
|
11y ago |
Heap-based buffer overflow in nokogiri |
| CVE-2015-1819 |
medium |
— |
5.0 |
|
|
|
11y ago |
Nokogiri vulnerable to libxml XML Entity Expansion |
| CVE-2022-23437 |
unknown |
— |
— |
|
|
|
4y ago |
Infinite Loop in Apache Xerces Java |
| CVE-2022-24839 |
unknown |
— |
— |
|
|
|
4y ago |
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption |