VYPR

rpm package

suse/ruby2.1&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2

Vulnerabilities (5)

  • CVE-2015-1855Nov 29, 2019
    affected < 2.1.9-15.1fixed 2.1.9-15.1

    verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i

  • CVE-2016-2339CriJan 6, 2017
    affected < 2.1.9-15.1fixed 2.1.9-15.1

    An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of

  • CVE-2015-7551HigMar 24, 2016
    affected < 2.1.9-15.1fixed 2.1.9-15.1

    The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or c

  • CVE-2015-3900Jun 24, 2015
    affected < 2.1.9-15.1fixed 2.1.9-15.1

    RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

  • CVE-2014-4975Nov 15, 2014
    affected < 2.1.9-15.1fixed 2.1.9-15.1

    Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer ove