rpm package
suse/ruby2.5&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32066 | — | < 2.5.9-4.20.1 | 2.5.9-4.20.1 | Aug 1, 2021 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network po | ||
| CVE-2021-31799 | — | < 2.5.9-4.20.1 | 2.5.9-4.20.1 | Jul 29, 2021 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | ||
| CVE-2021-31810 | — | < 2.5.9-4.20.1 | 2.5.9-4.20.1 | Jul 13, 2021 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that a | ||
| CVE-2021-28965 | — | < 2.5.9-4.17.1 | 2.5.9-4.17.1 | Apr 21, 2021 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. | ||
| CVE-2020-25613 | — | < 2.5.8-4.14.1 | 2.5.8-4.14.1 | Oct 6, 2020 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (w |
- CVE-2021-32066Aug 1, 2021affected < 2.5.9-4.20.1fixed 2.5.9-4.20.1
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network po
- CVE-2021-31799Jul 29, 2021affected < 2.5.9-4.20.1fixed 2.5.9-4.20.1
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
- CVE-2021-31810Jul 13, 2021affected < 2.5.9-4.20.1fixed 2.5.9-4.20.1
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that a
- CVE-2021-28965Apr 21, 2021affected < 2.5.9-4.17.1fixed 2.5.9-4.17.1
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
- CVE-2020-25613Oct 6, 2020affected < 2.5.8-4.14.1fixed 2.5.8-4.14.1
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (w