rpm package
suse/ruby&distro=SUSE Studio Onsite 1.3
pkg:rpm/suse/ruby&distro=SUSE%20Studio%20Onsite%201.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1855 | — | | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Nov 29, 2019 | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i |
| CVE-2015-7551 | High | 8.4 | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Mar 24, 2016 | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or c |