rpm package
suse/ruby19&distro=SUSE Studio Onsite 1.3
pkg:rpm/suse/ruby19&distro=SUSE%20Studio%20Onsite%201.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1855 | — | | | < 1.9.3.p392-0.23.1 | 1.9.3.p392-0.23.1 | Nov 29, 2019 | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i |
| CVE-2009-5147 | High | 7.3 | | < 1.9.3.p392-0.23.1 | 1.9.3.p392-0.23.1 | Mar 29, 2017 | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. |
| CVE-2016-2339 | Critical | 9.8 | | < 1.9.3.p392-0.26.1 | 1.9.3.p392-0.26.1 | Jan 6, 2017 | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of |