VYPR

rpm package

suse/ruby2.5&distro=SUSE Linux Enterprise Module for Basesystem 15 SP1

pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Vulnerabilities (30)

  • CVE-2017-17742MedApr 3, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

  • CVE-2018-1000079MedMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the g

  • CVE-2018-1000078MedMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage att

  • CVE-2018-1000077MedMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage at

  • CVE-2018-1000076CriMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb t

  • CVE-2018-1000075HigMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar he

  • CVE-2018-1000074HigMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can resu

  • CVE-2018-1000073HigMar 13, 2018
    affected < 2.5.5-4.3.1fixed 2.5.5-4.3.1

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb t

  • CVE-2015-9251MedJan 18, 2018
    affected < 2.5.7-4.8.1fixed 2.5.7-4.8.1

    jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

  • CVE-2012-6708MedJan 18, 2018
    affected < 2.5.7-4.8.1fixed 2.5.7-4.8.1

    jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere

Page 2 of 2