VYPR

rpm package

suse/ruby19&distro=SUSE Studio Onsite 1.3

pkg:rpm/suse/ruby19&distro=SUSE%20Studio%20Onsite%201.3

Vulnerabilities (3)

  • CVE-2015-1855 | Nov 29, 2019
    affected < 1.9.3.p392-0.23.1, fixed 1.9.3.p392-0.23.1

    verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i

  • CVE-2009-5147 | High | Mar 29, 2017
    affected < 1.9.3.p392-0.23.1, fixed 1.9.3.p392-0.23.1

    DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

  • CVE-2016-2339 | Critical | Jan 6, 2017
    affected < 1.9.3.p392-0.26.1, fixed 1.9.3.p392-0.26.1

    An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of