Showing 1 - 3 of 3

CVE-2020-26247

Status Candidate

Overview

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.

Related Files

Gentoo Linux Security Advisory 202208-29: Posted Aug 15, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202208-29 - Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service. Versions less than 1.13.6 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2020-26247, CVE-2022-24836, CVE-2022-29181; SHA-256 | bf8e48285cca235d03aba1048c75f7636414695ceb723794c08e7c94669d74b6; Download | Favorite | View

Red Hat Security Advisory 2021-5191-02: Posted Dec 17, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-5191-02 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Issues addressed include an XML injection vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-26247, CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733; SHA-256 | 222e9e194871a86f08f51b797c06b520b5e808c822dbc8abe7f4de9d3c85287c; Download | Favorite | View

Red Hat Security Advisory 2021-4702-01: Posted Nov 17, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.; tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion; systems | linux, redhat; advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494; SHA-256 | 8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 277 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,107)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,764)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,813)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

CVE-2020-26247

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems