Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-1855 (GCVE-0-2015-1855)
Vulnerability from cvelistv5 – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
VLAI
EPSS
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3247 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3245 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3246 | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2015/04/13/ruby… | x_refsource_MISC |
| https://puppetlabs.com/security/cve/cve-2015-1855 | x_refsource_MISC |
| https://bugs.ruby-lang.org/issues/9644 | x_refsource_MISC |
Impacted products
Date Public
2015-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "before 2.0.0 patchlevel 645"
},
{
"status": "affected",
"version": "2.1.x before 2.1.6"
},
{
"status": "affected",
"version": "and 2.2.x before 2.2.2"
}
]
}
],
"datePublic": "2015-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T20:46:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1855",
"datePublished": "2019-11-29T20:46:48.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-1855",
"date": "2026-05-25",
"epss": "0.0272",
"percentile": "0.86125"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.1.0\", \"versionEndExcluding\": \"2.1.6\", \"matchCriteriaId\": \"C5793852-ECE3-465A-B8A5-D506744191E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.0\", \"versionEndExcluding\": \"2.2.2\", \"matchCriteriaId\": \"4E69BA95-2D84-4E80-9617-3B2F2B02D9E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"45B882EE-85F9-42B0-85F3-0B6A9FF4BA5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2423B85-0971-42AC-8B64-819008BC5778\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C663278-3B2A-4B7C-959A-2AA804467F21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7927149-A76A-48BC-8405-7375FC7D7486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D627638-64AA-455B-9FEA-093D3773B9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*\", \"matchCriteriaId\": \"46485519-C2FB-4767-B699-9F51FDCF29E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*\", \"matchCriteriaId\": \"19CF27FB-DCF5-4533-B309-55615AE21A63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9865DD1-F2AF-40B6-848A-EA9FD37034DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*\", \"matchCriteriaId\": \"C10BD21E-B9FA-4B57-B617-0108A00D6132\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EF7FDAD-9CAF-452D-B229-EF7C390DE712\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"50292\", \"matchCriteriaId\": \"4A56FC0D-59AE-48DD-9DD8-3CC0E6DC0F80\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCB7E6DC-B6C3-452B-98F7-09D0CE0879E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.8.0\", \"matchCriteriaId\": \"82B0F981-35E1-4C9D-9D16-DDB0CA341FEF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n Verified_certificate_identity en la extensi\\u00f3n OpenSSL en Ruby versiones anteriores a 2.0.0 patchlevel 645, versiones 2.1.x anteriores a 2.1.6 y versiones 2.2.x anteriores 2.2.2, no comprueba apropiadamente los nombres de host, lo que permite a atacantes remotos falsificar servidores por medio de vectores relacionados con (1) m\\u00faltiples wildcards, (1) wildcards en nombres IDNA, (3) sensibilidad a may\\u00fasculas y min\\u00fasculas y (4) caracteres no ASCII.\"}]",
"id": "CVE-2015-1855",
"lastModified": "2024-11-21T02:26:16.630",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-11-29T21:15:10.807",
"references": "[{\"url\": \"http://www.debian.org/security/2015/dsa-3245\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3246\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3247\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.ruby-lang.org/issues/9644\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://puppetlabs.com/security/cve/cve-2015-1855\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3247\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.ruby-lang.org/issues/9644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://puppetlabs.com/security/cve/cve-2015-1855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1855\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-11-29T21:15:10.807\",\"lastModified\":\"2024-11-21T02:26:16.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n Verified_certificate_identity en la extensi\u00f3n OpenSSL en Ruby versiones anteriores a 2.0.0 patchlevel 645, versiones 2.1.x anteriores a 2.1.6 y versiones 2.2.x anteriores 2.2.2, no comprueba apropiadamente los nombres de host, lo que permite a atacantes remotos falsificar servidores por medio de vectores relacionados con (1) m\u00faltiples wildcards, (1) wildcards en nombres IDNA, (3) sensibilidad a may\u00fasculas y min\u00fasculas y (4) caracteres no ASCII.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.6\",\"matchCriteriaId\":\"C5793852-ECE3-465A-B8A5-D506744191E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.2\",\"matchCriteriaId\":\"4E69BA95-2D84-4E80-9617-3B2F2B02D9E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B882EE-85F9-42B0-85F3-0B6A9FF4BA5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2423B85-0971-42AC-8B64-819008BC5778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C663278-3B2A-4B7C-959A-2AA804467F21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7927149-A76A-48BC-8405-7375FC7D7486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D627638-64AA-455B-9FEA-093D3773B9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*\",\"matchCriteriaId\":\"46485519-C2FB-4767-B699-9F51FDCF29E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*\",\"matchCriteriaId\":\"19CF27FB-DCF5-4533-B309-55615AE21A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9865DD1-F2AF-40B6-848A-EA9FD37034DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10BD21E-B9FA-4B57-B617-0108A00D6132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EF7FDAD-9CAF-452D-B229-EF7C390DE712\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"50292\",\"matchCriteriaId\":\"4A56FC0D-59AE-48DD-9DD8-3CC0E6DC0F80\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB7E6DC-B6C3-452B-98F7-09D0CE0879E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.8.0\",\"matchCriteriaId\":\"82B0F981-35E1-4C9D-9D16-DDB0CA341FEF\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2015/dsa-3245\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3246\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3247\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.ruby-lang.org/issues/9644\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppetlabs.com/security/cve/cve-2015-1855\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.ruby-lang.org/issues/9644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppetlabs.com/security/cve/cve-2015-1855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2015-AVI-308
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris versions 11.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8768",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8768"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-9652",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
},
{
"name": "CVE-2015-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0261"
},
{
"name": "CVE-2014-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
},
{
"name": "CVE-2015-0255",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0255"
},
{
"name": "CVE-2014-6511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6511"
},
{
"name": "CVE-2015-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2014-9425",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
},
{
"name": "CVE-2014-9462",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9462"
},
{
"name": "CVE-2014-9653",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9653"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
},
{
"name": "CVE-2015-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
},
{
"name": "CVE-2015-3988",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3988"
},
{
"name": "CVE-2015-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
},
{
"name": "CVE-2015-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
},
{
"name": "CVE-2015-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
},
{
"name": "CVE-2015-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
},
{
"name": "CVE-2015-3294",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3294"
},
{
"name": "CVE-2015-2348",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-308",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 juillet 2015",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
}
]
}
CERTFR-2015-AVI-416
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple OS X versions antérieures à v10.11
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
},
{
"name": "CVE-2015-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
},
{
"name": "CVE-2015-5851",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
},
{
"name": "CVE-2015-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
},
{
"name": "CVE-2015-5873",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2015-5867",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-5830",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2015-5883",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
},
{
"name": "CVE-2015-5523",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
},
{
"name": "CVE-2015-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
},
{
"name": "CVE-2014-9652",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
},
{
"name": "CVE-2015-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
},
{
"name": "CVE-2015-5860",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
},
{
"name": "CVE-2015-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
},
{
"name": "CVE-2015-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
},
{
"name": "CVE-2014-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
},
{
"name": "CVE-2015-5522",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
},
{
"name": "CVE-2015-5863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
},
{
"name": "CVE-2015-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
},
{
"name": "CVE-2014-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
},
{
"name": "CVE-2015-5833",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
},
{
"name": "CVE-2015-5840",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
},
{
"name": "CVE-2015-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
},
{
"name": "CVE-2015-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
},
{
"name": "CVE-2015-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
},
{
"name": "CVE-2014-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
},
{
"name": "CVE-2015-5836",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
},
{
"name": "CVE-2015-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
},
{
"name": "CVE-2015-5891",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
},
{
"name": "CVE-2015-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
},
{
"name": "CVE-2015-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
},
{
"name": "CVE-2015-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
},
{
"name": "CVE-2015-5902",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
},
{
"name": "CVE-2015-5900",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
},
{
"name": "CVE-2015-5858",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2015-5865",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
},
{
"name": "CVE-2014-9425",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
},
{
"name": "CVE-2014-8611",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
},
{
"name": "CVE-2015-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
},
{
"name": "CVE-2015-3330",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
},
{
"name": "CVE-2015-5896",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2015-5839",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
},
{
"name": "CVE-2015-5893",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
},
{
"name": "CVE-2015-3329",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
},
{
"name": "CVE-2015-5853",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
},
{
"name": "CVE-2015-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
},
{
"name": "CVE-2015-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
},
{
"name": "CVE-2015-5882",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
},
{
"name": "CVE-2015-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
},
{
"name": "CVE-2015-5894",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
},
{
"name": "CVE-2015-5831",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
},
{
"name": "CVE-2015-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
},
{
"name": "CVE-2015-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
},
{
"name": "CVE-2015-5862",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
},
{
"name": "CVE-2014-8147",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
},
{
"name": "CVE-2015-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
},
{
"name": "CVE-2015-5866",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
},
{
"name": "CVE-2015-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2015-5912",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
},
{
"name": "CVE-2015-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
},
{
"name": "CVE-2015-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
},
{
"name": "CVE-2015-5922",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
},
{
"name": "CVE-2015-5842",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2015-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
},
{
"name": "CVE-2015-5849",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
},
{
"name": "CVE-2015-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2015-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
},
{
"name": "CVE-2015-3785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
},
{
"name": "CVE-2015-5913",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
},
{
"name": "CVE-2014-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
},
{
"name": "CVE-2015-5899",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
},
{
"name": "CVE-2015-5847",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2015-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
},
{
"name": "CVE-2015-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
},
{
"name": "CVE-2015-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
},
{
"name": "CVE-2015-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
},
{
"name": "CVE-2015-5901",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
},
{
"name": "CVE-2015-5854",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
},
{
"name": "CVE-2015-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
},
{
"name": "CVE-2015-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
},
{
"name": "CVE-2015-5888",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
},
{
"name": "CVE-2015-5890",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
},
{
"name": "CVE-2015-5884",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
},
{
"name": "CVE-2013-3951",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
},
{
"name": "CVE-2014-9709",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
},
{
"name": "CVE-2015-5855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
},
{
"name": "CVE-2015-2348",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
},
{
"name": "CVE-2014-8146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-416",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
"url": "https://support.apple.com/en-us/HT205267"
}
]
}
CERTFR-2015-AVI-308
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris versions 11.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8768",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8768"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-9652",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
},
{
"name": "CVE-2015-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0261"
},
{
"name": "CVE-2014-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
},
{
"name": "CVE-2015-0255",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0255"
},
{
"name": "CVE-2014-6511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6511"
},
{
"name": "CVE-2015-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2014-9425",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
},
{
"name": "CVE-2014-9462",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9462"
},
{
"name": "CVE-2014-9653",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9653"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
},
{
"name": "CVE-2015-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
},
{
"name": "CVE-2015-3988",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3988"
},
{
"name": "CVE-2015-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
},
{
"name": "CVE-2015-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
},
{
"name": "CVE-2015-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
},
{
"name": "CVE-2015-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
},
{
"name": "CVE-2015-3294",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3294"
},
{
"name": "CVE-2015-2348",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-308",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 juillet 2015",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
}
]
}
CERTFR-2015-AVI-416
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple OS X versions antérieures à v10.11
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
},
{
"name": "CVE-2015-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
},
{
"name": "CVE-2015-5851",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
},
{
"name": "CVE-2015-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
},
{
"name": "CVE-2015-5873",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2015-5867",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-5830",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2015-5883",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
},
{
"name": "CVE-2015-5523",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
},
{
"name": "CVE-2015-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
},
{
"name": "CVE-2014-9652",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
},
{
"name": "CVE-2015-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
},
{
"name": "CVE-2015-5860",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
},
{
"name": "CVE-2015-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
},
{
"name": "CVE-2015-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
},
{
"name": "CVE-2014-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
},
{
"name": "CVE-2015-5522",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
},
{
"name": "CVE-2015-5863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
},
{
"name": "CVE-2015-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
},
{
"name": "CVE-2014-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
},
{
"name": "CVE-2015-5833",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
},
{
"name": "CVE-2015-5840",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
},
{
"name": "CVE-2015-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
},
{
"name": "CVE-2015-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
},
{
"name": "CVE-2015-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
},
{
"name": "CVE-2014-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
},
{
"name": "CVE-2015-5836",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
},
{
"name": "CVE-2015-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
},
{
"name": "CVE-2015-5891",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
},
{
"name": "CVE-2015-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
},
{
"name": "CVE-2015-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
},
{
"name": "CVE-2015-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
},
{
"name": "CVE-2015-5902",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
},
{
"name": "CVE-2015-5900",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
},
{
"name": "CVE-2015-5858",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2015-5865",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
},
{
"name": "CVE-2014-9425",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
},
{
"name": "CVE-2014-8611",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
},
{
"name": "CVE-2015-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
},
{
"name": "CVE-2015-3330",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
},
{
"name": "CVE-2015-5896",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2015-5839",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
},
{
"name": "CVE-2015-5893",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
},
{
"name": "CVE-2015-3329",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
},
{
"name": "CVE-2015-5853",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
},
{
"name": "CVE-2015-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
},
{
"name": "CVE-2015-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
},
{
"name": "CVE-2015-5882",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
},
{
"name": "CVE-2015-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
},
{
"name": "CVE-2015-5894",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
},
{
"name": "CVE-2015-5831",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
},
{
"name": "CVE-2015-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
},
{
"name": "CVE-2015-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
},
{
"name": "CVE-2015-5862",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
},
{
"name": "CVE-2014-8147",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
},
{
"name": "CVE-2015-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
},
{
"name": "CVE-2015-5866",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
},
{
"name": "CVE-2015-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2015-5912",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
},
{
"name": "CVE-2015-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
},
{
"name": "CVE-2015-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
},
{
"name": "CVE-2015-5922",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
},
{
"name": "CVE-2015-5842",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2015-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
},
{
"name": "CVE-2015-5849",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
},
{
"name": "CVE-2015-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2015-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
},
{
"name": "CVE-2015-3785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
},
{
"name": "CVE-2015-5913",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
},
{
"name": "CVE-2014-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
},
{
"name": "CVE-2015-5899",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
},
{
"name": "CVE-2015-5847",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2015-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
},
{
"name": "CVE-2015-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
},
{
"name": "CVE-2015-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
},
{
"name": "CVE-2015-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
},
{
"name": "CVE-2015-5901",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
},
{
"name": "CVE-2015-5854",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
},
{
"name": "CVE-2015-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
},
{
"name": "CVE-2015-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
},
{
"name": "CVE-2015-5888",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
},
{
"name": "CVE-2015-5890",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
},
{
"name": "CVE-2015-5884",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
},
{
"name": "CVE-2013-3951",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
},
{
"name": "CVE-2014-9709",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
},
{
"name": "CVE-2015-5855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
},
{
"name": "CVE-2015-2348",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
},
{
"name": "CVE-2014-8146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-416",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
"url": "https://support.apple.com/en-us/HT205267"
}
]
}
BDU:2015-09978
Vulnerability from fstec - Published: 13.04.2015
VLAI
Title
Уязвимость интерпретатора Ruby, позволяющая нарушителю подменить SSL-сервер
Description
Уязвимость интерпретатора Ruby в расширении OpenSSL заключается в некорректной проверке имен узлов и сертификатов, содержащих групповые символы. В результате эксплуатации уязвимости при помощи специально сформированного сертификата нарушитель может подменить SSL-сервер
Severity
Vendor
Ruby Team
Software Name
Ruby
Software Version
от 2.0.0 до 2.0.0-p645 включительно (Ruby), от 2.1.0 до 2.1.6 включительно (Ruby), от 2.2.0 до 2.2.2 включительно (Ruby)
Possible Mitigations
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
https://www.ruby-lang.org
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
CWE
CWE-295
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Ruby Team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 2.0.0 \u0434\u043e 2.0.0-p645 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.1.0 \u0434\u043e 2.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.2.0 \u0434\u043e 2.2.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435. \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttps://www.ruby-lang.org",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.04.2015",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.05.2015",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-09978",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-1855",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ruby",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Oracle Corp. Solaris . 64-bit, Oracle Corp. Solaris . 32-bit, Oracle Corp. Solaris . PowerPC, Oracle Corp. Solaris . SPARC, Oracle Corp. Solaris . ARM, Microsoft Corp Windows - ARM",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 Ruby, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0434\u043c\u0435\u043d\u0438\u0442\u044c SSL-\u0441\u0435\u0440\u0432\u0435\u0440",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 Ruby \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 OpenSSL \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0438\u043c\u0435\u043d \u0443\u0437\u043b\u043e\u0432 \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u044b. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0434\u043c\u0435\u043d\u0438\u0442\u044c SSL-\u0441\u0435\u0440\u0432\u0435\u0440",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855 \n\nhttps://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-295",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
CNVD-2015-02927
Vulnerability from cnvd - Published: 2015-05-08
VLAI
Title
Ruby证书校验漏洞
Description
Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。
Ruby存在安全漏洞。由于程序未能正确验证证书的域名。攻击者可通过实施中间人攻击利用该漏洞欺骗服务器。
Severity
中
Patch Name
Ruby证书校验漏洞的补丁
Patch Description
Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。
Ruby存在安全漏洞。由于程序未能正确验证证书的域名。攻击者可通过实施中间人攻击利用该漏洞欺骗服务器。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: http://www.us.debian.org/security/2015/dsa-3246
Reference
http://www.us.debian.org/security/2015/dsa-3246
http://secunia.com/advisories/64396
Impacted products
| Name | Ruby Ruby 1.9.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-1855"
}
},
"description": "Ruby\u662f\u65e5\u672c\u8f6f\u4ef6\u5f00\u53d1\u8005\u677e\u672c\u884c\u5f18\u6240\u7814\u53d1\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nRuby\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8bc1\u4e66\u7684\u57df\u540d\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u6b3a\u9a97\u670d\u52a1\u5668\u3002",
"discovererName": "Ruby",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.us.debian.org/security/2015/dsa-3246",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-02927",
"openTime": "2015-05-08",
"patchDescription": "Ruby\u662f\u65e5\u672c\u8f6f\u4ef6\u5f00\u53d1\u8005\u677e\u672c\u884c\u5f18\u6240\u7814\u53d1\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002 \r\n\r\nRuby\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8bc1\u4e66\u7684\u57df\u540d\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u6b3a\u9a97\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Ruby\u8bc1\u4e66\u6821\u9a8c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Ruby Ruby 1.9.1"
},
"referenceLink": "http://www.us.debian.org/security/2015/dsa-3246 \r\nhttp://secunia.com/advisories/64396",
"serverity": "\u4e2d",
"submitTime": "2015-05-07",
"title": "Ruby\u8bc1\u4e66\u6821\u9a8c\u6f0f\u6d1e"
}
FKIE_CVE-2015-1855
Vulnerability from fkie_nvd - Published: 2019-11-29 21:15 - Updated: 2024-11-21 02:26
Severity
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | trunk | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| puppet | puppet_agent | 1.0.0 | |
| puppet | puppet_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5793852-ECE3-465A-B8A5-D506744191E9",
"versionEndExcluding": "2.1.6",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E69BA95-2D84-4E80-9617-3B2F2B02D9E9",
"versionEndExcluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "45B882EE-85F9-42B0-85F3-0B6A9FF4BA5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "D2423B85-0971-42AC-8B64-819008BC5778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
"matchCriteriaId": "1C663278-3B2A-4B7C-959A-2AA804467F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
"matchCriteriaId": "B7927149-A76A-48BC-8405-7375FC7D7486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*",
"matchCriteriaId": "3D627638-64AA-455B-9FEA-093D3773B9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*",
"matchCriteriaId": "46485519-C2FB-4767-B699-9F51FDCF29E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*",
"matchCriteriaId": "19CF27FB-DCF5-4533-B309-55615AE21A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*",
"matchCriteriaId": "B9865DD1-F2AF-40B6-848A-EA9FD37034DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*",
"matchCriteriaId": "C10BD21E-B9FA-4B57-B617-0108A00D6132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*",
"matchCriteriaId": "3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*",
"matchCriteriaId": "4EF7FDAD-9CAF-452D-B229-EF7C390DE712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A56FC0D-59AE-48DD-9DD8-3CC0E6DC0F80",
"versionEndExcluding": "50292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB7E6DC-B6C3-452B-98F7-09D0CE0879E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82B0F981-35E1-4C9D-9D16-DDB0CA341FEF",
"versionEndExcluding": "3.8.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
},
{
"lang": "es",
"value": "La funci\u00f3n Verified_certificate_identity en la extensi\u00f3n OpenSSL en Ruby versiones anteriores a 2.0.0 patchlevel 645, versiones 2.1.x anteriores a 2.1.6 y versiones 2.2.x anteriores 2.2.2, no comprueba apropiadamente los nombres de host, lo que permite a atacantes remotos falsificar servidores por medio de vectores relacionados con (1) m\u00faltiples wildcards, (1) wildcards en nombres IDNA, (3) sensibilidad a may\u00fasculas y min\u00fasculas y (4) caracteres no ASCII."
}
],
"id": "CVE-2015-1855",
"lastModified": "2024-11-21T02:26:16.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T21:15:10.807",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4X8V-74XF-H4G3
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02
VLAI
Details
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
{
"affected": [],
"aliases": [
"CVE-2015-1855"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-29T21:15:00Z",
"severity": "MODERATE"
},
"details": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"id": "GHSA-4x8v-74xf-h4g3",
"modified": "2022-05-24T17:02:21Z",
"published": "2022-05-24T17:02:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1855"
},
{
"type": "WEB",
"url": "https://bugs.ruby-lang.org/issues/9644"
},
{
"type": "WEB",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3247"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2015-1855
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1855",
"description": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"id": "GSD-2015-1855",
"references": [
"https://www.suse.com/security/cve/CVE-2015-1855.html",
"https://www.debian.org/security/2015/dsa-3247",
"https://www.debian.org/security/2015/dsa-3246",
"https://www.debian.org/security/2015/dsa-3245",
"https://ubuntu.com/security/CVE-2015-1855",
"https://advisories.mageia.org/CVE-2015-1855.html",
"https://alas.aws.amazon.com/cve/html/CVE-2015-1855.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1855"
],
"details": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"id": "GSD-2015-1855",
"modified": "2023-12-13T01:20:05.116123Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.6",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50292",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-09-30T12:27Z",
"publishedDate": "2019-11-29T21:15Z"
}
}
}
OPENSUSE-SU-2024:10090-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libruby2_3-2_3-2.3.1-1.6 on GA media
Severity
Moderate
Notes
Title of the patch: libruby2_3-2_3-2.3.1-1.6 on GA media
Description of the patch: These are all security issues fixed in the libruby2_3-2_3-2.3.1-1.6 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10090
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libruby2_3-2_3-2.3.1-1.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libruby2_3-2_3-2.3.1-1.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10090",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10090-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1855 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3900 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3900/"
}
],
"title": "libruby2_3-2_3-2.3.1-1.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10090-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_3-2_3-2.3.1-1.6.aarch64",
"product": {
"name": "libruby2_3-2_3-2.3.1-1.6.aarch64",
"product_id": "libruby2_3-2_3-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-devel-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-devel-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-devel-extra-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-doc-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-doc-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-doc-ri-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-stdlib-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-stdlib-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-stdlib-2.3.1-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-tk-2.3.1-1.6.aarch64",
"product": {
"name": "ruby2.3-tk-2.3.1-1.6.aarch64",
"product_id": "ruby2.3-tk-2.3.1-1.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_3-2_3-2.3.1-1.6.ppc64le",
"product": {
"name": "libruby2_3-2_3-2.3.1-1.6.ppc64le",
"product_id": "libruby2_3-2_3-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-devel-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-devel-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-devel-extra-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-doc-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-doc-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-doc-ri-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-stdlib-2.3.1-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-tk-2.3.1-1.6.ppc64le",
"product": {
"name": "ruby2.3-tk-2.3.1-1.6.ppc64le",
"product_id": "ruby2.3-tk-2.3.1-1.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_3-2_3-2.3.1-1.6.s390x",
"product": {
"name": "libruby2_3-2_3-2.3.1-1.6.s390x",
"product_id": "libruby2_3-2_3-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-2.3.1-1.6.s390x",
"product_id": "ruby2.3-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-devel-2.3.1-1.6.s390x",
"product_id": "ruby2.3-devel-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-extra-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.s390x",
"product_id": "ruby2.3-devel-extra-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-doc-2.3.1-1.6.s390x",
"product_id": "ruby2.3-doc-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-ri-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.s390x",
"product_id": "ruby2.3-doc-ri-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-stdlib-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-stdlib-2.3.1-1.6.s390x",
"product_id": "ruby2.3-stdlib-2.3.1-1.6.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-tk-2.3.1-1.6.s390x",
"product": {
"name": "ruby2.3-tk-2.3.1-1.6.s390x",
"product_id": "ruby2.3-tk-2.3.1-1.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_3-2_3-2.3.1-1.6.x86_64",
"product": {
"name": "libruby2_3-2_3-2.3.1-1.6.x86_64",
"product_id": "libruby2_3-2_3-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-devel-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-devel-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-devel-extra-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-doc-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-doc-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-doc-ri-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-stdlib-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-stdlib-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-stdlib-2.3.1-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-tk-2.3.1-1.6.x86_64",
"product": {
"name": "ruby2.3-tk-2.3.1-1.6.x86_64",
"product_id": "ruby2.3-tk-2.3.1-1.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_3-2_3-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64"
},
"product_reference": "libruby2_3-2_3-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_3-2_3-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le"
},
"product_reference": "libruby2_3-2_3-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_3-2_3-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x"
},
"product_reference": "libruby2_3-2_3-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_3-2_3-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64"
},
"product_reference": "libruby2_3-2_3-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-devel-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-devel-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-devel-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-devel-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-devel-extra-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-devel-extra-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-doc-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-doc-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-doc-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-doc-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-doc-ri-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-doc-ri-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-stdlib-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-stdlib-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-stdlib-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-stdlib-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-stdlib-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-stdlib-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-stdlib-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-tk-2.3.1-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64"
},
"product_reference": "ruby2.3-tk-2.3.1-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-tk-2.3.1-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le"
},
"product_reference": "ruby2.3-tk-2.3.1-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-tk-2.3.1-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x"
},
"product_reference": "ruby2.3-tk-2.3.1-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-tk-2.3.1-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
},
"product_reference": "ruby2.3-tk-2.3.1-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1855"
}
],
"notes": [
{
"category": "general",
"text": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1855",
"url": "https://www.suse.com/security/cve/CVE-2015-1855"
},
{
"category": "external",
"summary": "SUSE Bug 926974 for CVE-2015-1855",
"url": "https://bugzilla.suse.com/926974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-1855"
},
{
"cve": "CVE-2015-3900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3900"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3900",
"url": "https://www.suse.com/security/cve/CVE-2015-3900"
},
{
"category": "external",
"summary": "SUSE Bug 936032 for CVE-2015-3900",
"url": "https://bugzilla.suse.com/936032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:libruby2_3-2_3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-devel-extra-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-doc-ri-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-stdlib-2.3.1-1.6.x86_64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.aarch64",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.ppc64le",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.s390x",
"openSUSE Tumbleweed:ruby2.3-tk-2.3.1-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3900"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…