VYPR

rpm package

suse/ruby2.1&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (46)

  • CVE-2017-14064CriAug 31, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of leng

  • CVE-2015-9096MedJun 12, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

  • CVE-2017-9229HigMay 24, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in

  • CVE-2017-9228CriMay 24, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state tra

  • CVE-2016-7798HigJan 30, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

  • CVE-2016-2339CriJan 6, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of

Page 3 of 3