rpm package
suse/ruby&distro=SUSE WebYast 1.3
pkg:rpm/suse/ruby&distro=SUSE%20WebYast%201.3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32066 | — | | | < 1.8.7.p357-0.9.20.3.1 | 1.8.7.p357-0.9.20.3.1 | Aug 1, 2021 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network po |
| CVE-2021-31810 | — | | | < 1.8.7.p357-0.9.20.3.1 | 1.8.7.p357-0.9.20.3.1 | Jul 13, 2021 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that a |
| CVE-2015-1855 | — | | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Nov 29, 2019 | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i |
| CVE-2018-16395 | — | | | < 1.8.7.p357-0.9.20.3.1 | 1.8.7.p357-0.9.20.3.1 | Nov 16, 2018 | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first a |
| CVE-2015-7551 | High | 8.4 | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Mar 24, 2016 | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or c |