Page 95 of 474 results (0.011 seconds)

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-29181 – Improper Handling of Unexpected Data Type in Nokogiri

https://notcve.org/view.php?id=CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. Nokogiri es una biblioteca XML y HTML de código abierto para Ruby. • http://seclists.org/fulldisclosure/2022/Dec/23 https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m https://security.gentoo.org/glsa/202208-29 https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri https://support.apple.com/kb/HT213532 https://access.redhat.com/security/cve/CVE-2022-29181 https:// • CWE-241: Improper Handling of Unexpected Data Type CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24836 – Inefficient Regular Expression Complexity in Nokogiri

https://notcve.org/view.php?id=CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. Nokogiri es una biblioteca XML y HTML de código abierto para Ruby. • http://seclists.org/fulldisclosure/2022/Dec/23 https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM https://lists.fedoraproject.org/archives/list/package& • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-39537

https://notcve.org/view.php?id=CVE-2021-39537

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Se ha detectado un problema en ncurses versiones hasta v6.2-1. La función _nc_captoinfo en el archivo captoinfo.c presenta un desbordamiento de búfer en la región heap de la memoria • http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://lists.gnu • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-30928 – Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-30928

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution. Se ha solucionado un problema de corrupción de memoria con una validación de entrada mejorada. Este problema se ha solucionado en macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 y iPadOS 14.8, iOS 15 y iPadOS 15. • https://support.apple.com/en-us/HT212804 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212815 https://support.apple.com/en-us/HT212819 https://support.apple.com/kb/HT212953 • CWE-787: Out-of-bounds Write •