Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-16395 (GCVE-0-2018-16395)
Vulnerability from cvelistv5 – Published: 2018-11-16 18:00 – Updated: 2024-08-05 10:24
VLAI
EPSS
Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2018-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name": "RHSA-2018:3738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"name": "RHSA-2018:3729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/387250"
},
{
"name": "RHSA-2018:3730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "RHSA-2018:3731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name": "DSA-4332",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"name": "USN-3808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "1042105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042105"
},
{
"name": "openSUSE-SU-2019:1771",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"name": "RHSA-2019:2565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T19:15:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name": "RHSA-2018:3738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"name": "RHSA-2018:3729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/387250"
},
{
"name": "RHSA-2018:3730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "RHSA-2018:3731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name": "DSA-4332",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"name": "USN-3808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "1042105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042105"
},
{
"name": "openSUSE-SU-2019:1771",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"name": "RHSA-2019:2565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name": "RHSA-2018:3738",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"name": "RHSA-2018:3729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "https://hackerone.com/reports/387250",
"refsource": "MISC",
"url": "https://hackerone.com/reports/387250"
},
{
"name": "RHSA-2018:3730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "RHSA-2018:3731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name": "DSA-4332",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"name": "USN-3808-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "1042105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042105"
},
{
"name": "openSUSE-SU-2019:1771",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:1948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"name": "RHSA-2019:2565",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16395",
"datePublished": "2018-11-16T18:00:00.000Z",
"dateReserved": "2018-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-16395",
"date": "2026-05-25",
"epss": "0.04424",
"percentile": "0.89156"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"DDD3EC39-B375-4B68-963F-08418673D321\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndIncluding\": \"2.3.7\", \"matchCriteriaId\": \"4F4CB899-0054-44BB-A3BD-FB225CC663DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndIncluding\": \"2.4.4\", \"matchCriteriaId\": \"4A07531E-A788-41ED-8C5D-AAB2F532EA7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5.0\", \"versionEndIncluding\": \"2.5.1\", \"matchCriteriaId\": \"70C32AF6-57D9-4F85-857B-4EFC425D9145\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*\", \"matchCriteriaId\": \"787FDFC6-E780-4F95-9E46-C5CF77E7EBC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*\", \"matchCriteriaId\": \"49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041F9200-4C01-4187-AE34-240E8277B54D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podr\\u00edan devolver \\\"true\\\". Cuando el primer argumento tiene un car\\u00e1cter m\\u00e1s que el segundo, o el segundo argumento contiene un car\\u00e1cter que tiene uno menos que el car\\u00e1cter en la misma posici\\u00f3n que el primer argumento, el resultado de == ser\\u00e1 \\\"true\\\". Esto podr\\u00eda aprovecharse para crear un certificado ileg\\u00edtimo que podr\\u00eda ser aceptado como leg\\u00edtimo y despu\\u00e9s emplearse en operaciones de firma o cifrado.\"}]",
"id": "CVE-2018-16395",
"lastModified": "2024-11-21T03:52:40.143",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-11-16T18:29:00.943",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1042105\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3729\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3730\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3731\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3738\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1948\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2565\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hackerone.com/reports/387250\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190221-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3808-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4332\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1042105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3730\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3738\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hackerone.com/reports/387250\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190221-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3808-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16395\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-11-16T18:29:00.943\",\"lastModified\":\"2024-11-21T03:52:40.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podr\u00edan devolver \\\"true\\\". Cuando el primer argumento tiene un car\u00e1cter m\u00e1s que el segundo, o el segundo argumento contiene un car\u00e1cter que tiene uno menos que el car\u00e1cter en la misma posici\u00f3n que el primer argumento, el resultado de == ser\u00e1 \\\"true\\\". Esto podr\u00eda aprovecharse para crear un certificado ileg\u00edtimo que podr\u00eda ser aceptado como leg\u00edtimo y despu\u00e9s emplearse en operaciones de firma o cifrado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"DDD3EC39-B375-4B68-963F-08418673D321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.3.7\",\"matchCriteriaId\":\"4F4CB899-0054-44BB-A3BD-FB225CC663DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.4.4\",\"matchCriteriaId\":\"4A07531E-A788-41ED-8C5D-AAB2F532EA7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndIncluding\":\"2.5.1\",\"matchCriteriaId\":\"70C32AF6-57D9-4F85-857B-4EFC425D9145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*\",\"matchCriteriaId\":\"787FDFC6-E780-4F95-9E46-C5CF77E7EBC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041F9200-4C01-4187-AE34-240E8277B54D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1042105\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3729\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3730\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3731\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3738\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1948\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2565\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://hackerone.com/reports/387250\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190221-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3808-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4332\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1042105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3738\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hackerone.com/reports/387250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190221-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3808-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2018-AVI-589
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2 | ||
| IBM | N/A | IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1 | ||
| IBM | N/A | VRA - Vyatta 5600 | ||
| IBM | WebSphere | IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2 | ||
| IBM | QRadar | IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3 | ||
| IBM | N/A | IBM Social Program Management Design System versions antérieures à 1.4.0 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3 | ||
| IBM | N/A | IBM Lotus Protector for Mail Security version 2.8.1.0 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17 | ||
| IBM | QRadar | IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10 | ||
| IBM | N/A | IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11 | ||
| IBM | WebSphere | WebSphere Application Server versions antérieures à 9.0.0.10 | ||
| IBM | N/A | IBM Voice Gateway versions antérieures à 1.0.0.7a | ||
| IBM | N/A | IBM Lotus Protector for Mail Security version 2.8.3.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VRA - Vyatta 5600",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16058",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
},
{
"name": "CVE-2018-10873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-10933",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
},
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-15594",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
},
{
"name": "CVE-2018-16151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
},
{
"name": "CVE-2018-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
},
{
"name": "CVE-2018-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
},
{
"name": "CVE-2018-1671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
},
{
"name": "CVE-2018-2973",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
},
{
"name": "CVE-2018-16842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
},
{
"name": "CVE-2018-17182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
},
{
"name": "CVE-2018-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
},
{
"name": "CVE-2018-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2018-14618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2017-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2018-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
},
{
"name": "CVE-2018-3180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
},
{
"name": "CVE-2018-1900",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2018-16839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
},
{
"name": "CVE-2018-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
},
{
"name": "CVE-2018-14678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"name": "CVE-2018-16152",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
},
{
"name": "CVE-2018-14734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2018-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
},
{
"name": "CVE-2018-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
},
{
"name": "CVE-2018-8013",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
},
{
"name": "CVE-2018-12539",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
},
{
"name": "CVE-2018-16276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-589",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-10T00:00:00.000000"
},
{
"description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
"revision_date": "2018-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2018-AVI-589
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2 | ||
| IBM | N/A | IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1 | ||
| IBM | N/A | VRA - Vyatta 5600 | ||
| IBM | WebSphere | IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2 | ||
| IBM | QRadar | IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3 | ||
| IBM | N/A | IBM Social Program Management Design System versions antérieures à 1.4.0 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10 | ||
| IBM | N/A | IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3 | ||
| IBM | N/A | IBM Lotus Protector for Mail Security version 2.8.1.0 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17 | ||
| IBM | QRadar | IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10 | ||
| IBM | N/A | IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17 | ||
| IBM | N/A | IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11 | ||
| IBM | WebSphere | WebSphere Application Server versions antérieures à 9.0.0.10 | ||
| IBM | N/A | IBM Voice Gateway versions antérieures à 1.0.0.7a | ||
| IBM | N/A | IBM Lotus Protector for Mail Security version 2.8.3.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VRA - Vyatta 5600",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16058",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
},
{
"name": "CVE-2018-10873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-10933",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
},
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-15594",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
},
{
"name": "CVE-2018-16151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
},
{
"name": "CVE-2018-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
},
{
"name": "CVE-2018-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
},
{
"name": "CVE-2018-1671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
},
{
"name": "CVE-2018-2973",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
},
{
"name": "CVE-2018-16842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
},
{
"name": "CVE-2018-17182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
},
{
"name": "CVE-2018-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
},
{
"name": "CVE-2018-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2018-14618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2017-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2018-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
},
{
"name": "CVE-2018-3180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
},
{
"name": "CVE-2018-1900",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2018-16839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
},
{
"name": "CVE-2018-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
},
{
"name": "CVE-2018-14678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"name": "CVE-2018-16152",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
},
{
"name": "CVE-2018-14734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2018-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
},
{
"name": "CVE-2018-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
},
{
"name": "CVE-2018-8013",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
},
{
"name": "CVE-2018-12539",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
},
{
"name": "CVE-2018-16276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-589",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-10T00:00:00.000000"
},
{
"description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
"revision_date": "2018-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
BDU:2019-03218
Vulnerability from fstec - Published: 17.10.2018
VLAI
Title
Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить подделку сертификата X509
Description
Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby связана с ошибками обработки данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществить подделку сертификата X509
Severity
Vendor
Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., Ruby Team, Oracle Corp., АО «НТЦ ИТ РОСА»
Software Name
Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, Ruby, Oracle Communications Interactive Session Recorder, ROSA Virtualization (запись в едином реестре российских программ №5091), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), от 2.3.0 до 2.3.7 включительно (Ruby), от 2.4.0 до 2.4.4 включительно (Ruby), от 2.5.0 до 2.5.1 включительно (Ruby), от 2.6.0 до 2.6.0-preview2 включительно (Ruby), 6.0 (Oracle Communications Interactive Session Recorder), 6.1 (Oracle Communications Interactive Session Recorder), 6.2 (Oracle Communications Interactive Session Recorder), 6.3 (Oracle Communications Interactive Session Recorder), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Использование рекомендаций:
Для Ruby:
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
Для Ubuntu:
https://usn.ubuntu.com/3808-1/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2018-16395/
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2020.html
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2904
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2903
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://access.redhat.com/errata/RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2018:3738
https://access.redhat.com/errata/RHSA-2019:1948
https://access.redhat.com/errata/RHSA-2019:2565
https://hackerone.com/reports/387250
https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
https://security.netapp.com/advisory/ntap-20190221-0002/
https://usn.ubuntu.com/3808-1/
https://www.debian.org/security/2018/dsa-4332
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
https://www.suse.com/security/cve/CVE-2018-16395/
https://www.oracle.com/security-alerts/cpujan2020.html
https://abf.rosa.ru/advisories/ROSA-SA-2025-2904
https://abf.rosa.ru/advisories/ROSA-SA-2025-2903
CWE
CWE-19
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Ruby Team, Oracle Corp., \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), \u043e\u0442 2.3.0 \u0434\u043e 2.3.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.4.0 \u0434\u043e 2.4.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.5.0 \u0434\u043e 2.5.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.6.0 \u0434\u043e 2.6.0-preview2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), 6.0 (Oracle Communications Interactive Session Recorder), 6.1 (Oracle Communications Interactive Session Recorder), 6.2 (Oracle Communications Interactive Session Recorder), 6.3 (Oracle Communications Interactive Session Recorder), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Ruby:\n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\n\n\n\n\u0414\u043b\u044f Debian\u00a0GNU/Linux:\n\nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\n\n\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://usn.ubuntu.com/3808-1/\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\n\nhttps://www.suse.com/security/cve/CVE-2018-16395/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2020.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2904\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2903",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03218",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-16395",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, Ruby, Oracle Communications Interactive Session Recorder, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Red Hat Inc. Red Hat Enterprise Linux 7.4 EUS , Red Hat Inc. Red Hat Enterprise Linux 7.5 EUS , Red Hat Inc. Red Hat Enterprise Linux 7.6 EUS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 OpenSSL::X509::Name \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL\u00a0\u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 X509",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-19)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 OpenSSL::X509::Name \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL\u00a0\u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 X509",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\n\nhttps://access.redhat.com/errata/RHSA-2018:3729 \n\nhttps://access.redhat.com/errata/RHSA-2018:3730 \n\nhttps://access.redhat.com/errata/RHSA-2018:3731 \n\nhttps://access.redhat.com/errata/RHSA-2018:3738 \n\nhttps://access.redhat.com/errata/RHSA-2019:1948 \n\nhttps://access.redhat.com/errata/RHSA-2019:2565 \n\nhttps://hackerone.com/reports/387250 \n\nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00020.html \n\nhttps://security.netapp.com/advisory/ntap-20190221-0002/ \n\nhttps://usn.ubuntu.com/3808-1/ \n\nhttps://www.debian.org/security/2018/dsa-4332 \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\n\nhttps://www.suse.com/security/cve/CVE-2018-16395/\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2904\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2903",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-19",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2018-16395
Vulnerability from fkie_nvd - Published: 2018-11-16 18:29 - Updated: 2024-11-21 03:52
Severity
Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1042105 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3729 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3730 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3731 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3738 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1948 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2565 | ||
| cve@mitre.org | https://hackerone.com/reports/387250 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0002/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3808-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4332 | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | ||
| cve@mitre.org | https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042105 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3729 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3730 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3731 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3738 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1948 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2565 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/387250 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3808-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4332 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | openssl | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "DDD3EC39-B375-4B68-963F-08418673D321",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4CB899-0054-44BB-A3BD-FB225CC663DB",
"versionEndIncluding": "2.3.7",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A07531E-A788-41ED-8C5D-AAB2F532EA7A",
"versionEndIncluding": "2.4.4",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C32AF6-57D9-4F85-857B-4EFC425D9145",
"versionEndIncluding": "2.5.1",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*",
"matchCriteriaId": "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*",
"matchCriteriaId": "49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podr\u00edan devolver \"true\". Cuando el primer argumento tiene un car\u00e1cter m\u00e1s que el segundo, o el segundo argumento contiene un car\u00e1cter que tiene uno menos que el car\u00e1cter en la misma posici\u00f3n que el primer argumento, el resultado de == ser\u00e1 \"true\". Esto podr\u00eda aprovecharse para crear un certificado ileg\u00edtimo que podr\u00eda ser aceptado como leg\u00edtimo y despu\u00e9s emplearse en operaciones de firma o cifrado."
}
],
"id": "CVE-2018-16395",
"lastModified": "2024-11-21T03:52:40.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-16T18:29:00.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042105"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/387250"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/387250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-MMRQ-6999-72V8
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2023-07-24 20:06
VLAI
Summary
Ruby Openssl Allows Incorrect Value Comparison
Details
An issue was discovered in the OpenSSL library in Ruby when two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Severity
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-16395"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2023-06-09T22:57:50Z",
"nvd_published_at": "2018-11-16T18:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the OpenSSL library in Ruby when two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"id": "GHSA-mmrq-6999-72v8",
"modified": "2023-07-24T20:06:51Z",
"published": "2022-05-13T01:50:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16395"
},
{
"type": "WEB",
"url": "https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/387250"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3808-1"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190221-0002"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ruby Openssl Allows Incorrect Value Comparison"
}
GSD-2018-16395
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-16395",
"description": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"id": "GSD-2018-16395",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16395.html",
"https://www.debian.org/security/2018/dsa-4332",
"https://access.redhat.com/errata/RHSA-2019:2565",
"https://access.redhat.com/errata/RHSA-2019:1948",
"https://access.redhat.com/errata/RHSA-2018:3738",
"https://access.redhat.com/errata/RHSA-2018:3731",
"https://access.redhat.com/errata/RHSA-2018:3730",
"https://access.redhat.com/errata/RHSA-2018:3729",
"https://ubuntu.com/security/CVE-2018-16395",
"https://advisories.mageia.org/CVE-2018-16395.html",
"https://alas.aws.amazon.com/cve/html/CVE-2018-16395.html",
"https://linux.oracle.com/cve/CVE-2018-16395.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-16395"
],
"details": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"id": "GSD-2018-16395",
"modified": "2023-12-13T01:22:25.972742Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name": "RHSA-2018:3738",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"name": "RHSA-2018:3729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "https://hackerone.com/reports/387250",
"refsource": "MISC",
"url": "https://hackerone.com/reports/387250"
},
{
"name": "RHSA-2018:3730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "RHSA-2018:3731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name": "DSA-4332",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"name": "USN-3808-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "1042105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042105"
},
{
"name": "openSUSE-SU-2019:1771",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:1948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"name": "RHSA-2019:2565",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.1.2",
"affected_versions": "All versions before 2.1.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2019-10-03",
"description": "When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"fixed_versions": [
"2.1.2"
],
"identifier": "CVE-2018-16395",
"identifiers": [
"CVE-2018-16395"
],
"not_impacted": "All versions starting from 2.1.2",
"package_slug": "gem/openssl",
"pubdate": "2018-11-16",
"solution": "Upgrade to version 2.1.2 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-16395",
"http://www.securitytracker.com/id/1042105",
"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
],
"uuid": "6324326c-f460-4083-814a-01a9644bef53"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.7",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.4",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.1",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16395"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "https://hackerone.com/reports/387250",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/387250"
},
{
"name": "DSA-4332",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4332"
},
{
"name": "USN-3808-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3808-1/"
},
{
"name": "1042105",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042105"
},
{
"name": "RHSA-2018:3738",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3738"
},
{
"name": "RHSA-2018:3731",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name": "RHSA-2018:3730",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "RHSA-2018:3729",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
},
{
"name": "openSUSE-SU-2019:1771",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:1948",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1948"
},
{
"name": "RHSA-2019:2565",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:2565"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-11-16T18:29Z"
}
}
}
MSRC_CVE-2018-16395
Vulnerability from csaf_microsoft - Published: 2018-11-02 00:00 - Updated: 2020-09-25 00:00Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16878-16820 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16820-1 | — |
Vendor Fix
fix
|
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2018/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2018/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-16395.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"tracking": {
"current_release_date": "2020-09-25T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:23:54.152Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2018-16395",
"initial_release_date": "2018-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-09-25T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 openssl 1.1.1k-5",
"product": {
"name": "\u003ccm1 openssl 1.1.1k-5",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 openssl 1.1.1k-5",
"product": {
"name": "cm1 openssl 1.1.1k-5",
"product_id": "16878"
}
}
],
"category": "product_name",
"name": "openssl"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 openssl 1.1.1k-5 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 openssl 1.1.1k-5 as a component of CBL Mariner 1.0",
"product_id": "16878-16820"
},
"product_reference": "16878",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16395",
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16878-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-16395.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-25T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
]
}
OPENSUSE-SU-2019:1771-1
Vulnerability from csaf_opensuse - Published: 2019-07-21 05:37 - Updated: 2019-07-21 05:37Summary
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
Severity
Important
Notes
Title of the patch: Security update for ruby-bundled-gems-rpmhelper, ruby2.5
Description of the patch: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:
- CVE-2019-8320: Delete directory using symlink when
decompressing tar (bsc#1130627)
- CVE-2019-8321: Escape sequence injection vulnerability in
verbose (bsc#1130623)
- CVE-2019-8322: Escape sequence injection vulnerability in gem
owner (bsc#1130622)
- CVE-2019-8323: Escape sequence injection vulnerability in API
response handling (bsc#1130620)
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary
code execution (bsc#1130617)
- CVE-2019-8325: Escape sequence injection vulnerability in
errors (bsc#1130611)
Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
Security issues fixed:
- CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives (bsc#1112532)
- CVE-2018-16395: OpenSSL::X509::Name equality check does not
work correctly (bsc#1112530)
Ruby 2.5 was updated to 2.5.1:
This release includes some bug fixes and some security fixes.
Security issues fixed:
- CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
- CVE-2018-6914: Unintentional file and directory creation with
directory traversal in tempfile and tmpdir (bsc#1087441)
- CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
- CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
- CVE-2018-8779: Unintentional socket creation by poisoned NUL
byte in UNIXServer and UNIXSocket (bsc#1087440)
- CVE-2018-8780: Unintentional directory traversal by poisoned
NUL byte in Dir (bsc#1087437)
- Multiple vulnerabilities in RubyGems were fixed:
- CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058)
- CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014)
- CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011)
- CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010)
- CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009)
- CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008)
- CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)
Other changes:
- Fixed Net::POPMail methods modify frozen literal when using default arg
- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
- build with PIE support (bsc#1130028)
Changes in ruby-bundled-gems-rpmhelper:
- Add a new helper for bundled ruby gems.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1771
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.7 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.4 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
101 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1082007 | self |
| https://bugzilla.suse.com/1082008 | self |
| https://bugzilla.suse.com/1082009 | self |
| https://bugzilla.suse.com/1082010 | self |
| https://bugzilla.suse.com/1082011 | self |
| https://bugzilla.suse.com/1082014 | self |
| https://bugzilla.suse.com/1082058 | self |
| https://bugzilla.suse.com/1087433 | self |
| https://bugzilla.suse.com/1087434 | self |
| https://bugzilla.suse.com/1087436 | self |
| https://bugzilla.suse.com/1087437 | self |
| https://bugzilla.suse.com/1087440 | self |
| https://bugzilla.suse.com/1087441 | self |
| https://bugzilla.suse.com/1112530 | self |
| https://bugzilla.suse.com/1112532 | self |
| https://bugzilla.suse.com/1130028 | self |
| https://bugzilla.suse.com/1130611 | self |
| https://bugzilla.suse.com/1130617 | self |
| https://bugzilla.suse.com/1130620 | self |
| https://bugzilla.suse.com/1130622 | self |
| https://bugzilla.suse.com/1130623 | self |
| https://bugzilla.suse.com/1130627 | self |
| https://bugzilla.suse.com/1133790 | self |
| https://www.suse.com/security/cve/CVE-2017-17742/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000073/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000074/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000075/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000076/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000077/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000078/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000079/ | self |
| https://www.suse.com/security/cve/CVE-2018-16395/ | self |
| https://www.suse.com/security/cve/CVE-2018-16396/ | self |
| https://www.suse.com/security/cve/CVE-2018-6914/ | self |
| https://www.suse.com/security/cve/CVE-2018-8777/ | self |
| https://www.suse.com/security/cve/CVE-2018-8778/ | self |
| https://www.suse.com/security/cve/CVE-2018-8779/ | self |
| https://www.suse.com/security/cve/CVE-2018-8780/ | self |
| https://www.suse.com/security/cve/CVE-2019-8320/ | self |
| https://www.suse.com/security/cve/CVE-2019-8321/ | self |
| https://www.suse.com/security/cve/CVE-2019-8322/ | self |
| https://www.suse.com/security/cve/CVE-2019-8323/ | self |
| https://www.suse.com/security/cve/CVE-2019-8324/ | self |
| https://www.suse.com/security/cve/CVE-2019-8325/ | self |
| https://www.suse.com/security/cve/CVE-2017-17742 | external |
| https://bugzilla.suse.com/1087434 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://bugzilla.suse.com/1152992 | external |
| https://www.suse.com/security/cve/CVE-2018-1000073 | external |
| https://bugzilla.suse.com/1082007 | external |
| https://www.suse.com/security/cve/CVE-2018-1000074 | external |
| https://bugzilla.suse.com/1082008 | external |
| https://bugzilla.suse.com/1175764 | external |
| https://www.suse.com/security/cve/CVE-2018-1000075 | external |
| https://bugzilla.suse.com/1082014 | external |
| https://www.suse.com/security/cve/CVE-2018-1000076 | external |
| https://bugzilla.suse.com/1082009 | external |
| https://www.suse.com/security/cve/CVE-2018-1000077 | external |
| https://bugzilla.suse.com/1082010 | external |
| https://bugzilla.suse.com/1183937 | external |
| https://www.suse.com/security/cve/CVE-2018-1000078 | external |
| https://bugzilla.suse.com/1082011 | external |
| https://www.suse.com/security/cve/CVE-2018-1000079 | external |
| https://bugzilla.suse.com/1082058 | external |
| https://www.suse.com/security/cve/CVE-2018-16395 | external |
| https://bugzilla.suse.com/1112530 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-16396 | external |
| https://bugzilla.suse.com/1112532 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-6914 | external |
| https://bugzilla.suse.com/1087441 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-8777 | external |
| https://bugzilla.suse.com/1087436 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-8778 | external |
| https://bugzilla.suse.com/1087433 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-8779 | external |
| https://bugzilla.suse.com/1087440 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2018-8780 | external |
| https://bugzilla.suse.com/1087437 | external |
| https://bugzilla.suse.com/1136906 | external |
| https://www.suse.com/security/cve/CVE-2019-8320 | external |
| https://bugzilla.suse.com/1130627 | external |
| https://www.suse.com/security/cve/CVE-2019-8321 | external |
| https://bugzilla.suse.com/1130623 | external |
| https://www.suse.com/security/cve/CVE-2019-8322 | external |
| https://bugzilla.suse.com/1130622 | external |
| https://www.suse.com/security/cve/CVE-2019-8323 | external |
| https://bugzilla.suse.com/1130620 | external |
| https://www.suse.com/security/cve/CVE-2019-8324 | external |
| https://bugzilla.suse.com/1130617 | external |
| https://www.suse.com/security/cve/CVE-2019-8325 | external |
| https://bugzilla.suse.com/1130611 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ruby-bundled-gems-rpmhelper, ruby2.5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:\n\nChanges in ruby2.5:\n\nUpdate to 2.5.5 and 2.5.4:\n\nhttps://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/\nhttps://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/\n\nSecurity issues fixed:\n\n- CVE-2019-8320: Delete directory using symlink when\n decompressing tar (bsc#1130627)\n- CVE-2019-8321: Escape sequence injection vulnerability in\n verbose (bsc#1130623)\n- CVE-2019-8322: Escape sequence injection vulnerability in gem\n owner (bsc#1130622)\n- CVE-2019-8323: Escape sequence injection vulnerability in API\n response handling (bsc#1130620)\n- CVE-2019-8324: Installing a malicious gem may lead to arbitrary\n code execution (bsc#1130617)\n- CVE-2019-8325: Escape sequence injection vulnerability in\n errors (bsc#1130611)\n\n\nRuby 2.5 was updated to 2.5.3:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2018-16396: Tainted flags are not propagated in Array#pack\n and String#unpack with some directives (bsc#1112532)\n- CVE-2018-16395: OpenSSL::X509::Name equality check does not\n work correctly (bsc#1112530)\n\nRuby 2.5 was updated to 2.5.1:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)\n- CVE-2018-6914: Unintentional file and directory creation with\n directory traversal in tempfile and tmpdir (bsc#1087441)\n- CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)\n- CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)\n- CVE-2018-8779: Unintentional socket creation by poisoned NUL\n byte in UNIXServer and UNIXSocket (bsc#1087440)\n- CVE-2018-8780: Unintentional directory traversal by poisoned\n NUL byte in Dir (bsc#1087437)\n\n- Multiple vulnerabilities in RubyGems were fixed:\n\n - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058)\n - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014)\n - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011)\n - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010)\n - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009)\n - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008)\n - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)\n\nOther changes:\n\n- Fixed Net::POPMail methods modify frozen literal when using default arg\n- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)\n- build with PIE support (bsc#1130028)\n\n\nChanges in ruby-bundled-gems-rpmhelper:\n\n- Add a new helper for bundled ruby gems.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1771",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1771-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1771-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z/#DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1771-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z/#DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z"
},
{
"category": "self",
"summary": "SUSE Bug 1082007",
"url": "https://bugzilla.suse.com/1082007"
},
{
"category": "self",
"summary": "SUSE Bug 1082008",
"url": "https://bugzilla.suse.com/1082008"
},
{
"category": "self",
"summary": "SUSE Bug 1082009",
"url": "https://bugzilla.suse.com/1082009"
},
{
"category": "self",
"summary": "SUSE Bug 1082010",
"url": "https://bugzilla.suse.com/1082010"
},
{
"category": "self",
"summary": "SUSE Bug 1082011",
"url": "https://bugzilla.suse.com/1082011"
},
{
"category": "self",
"summary": "SUSE Bug 1082014",
"url": "https://bugzilla.suse.com/1082014"
},
{
"category": "self",
"summary": "SUSE Bug 1082058",
"url": "https://bugzilla.suse.com/1082058"
},
{
"category": "self",
"summary": "SUSE Bug 1087433",
"url": "https://bugzilla.suse.com/1087433"
},
{
"category": "self",
"summary": "SUSE Bug 1087434",
"url": "https://bugzilla.suse.com/1087434"
},
{
"category": "self",
"summary": "SUSE Bug 1087436",
"url": "https://bugzilla.suse.com/1087436"
},
{
"category": "self",
"summary": "SUSE Bug 1087437",
"url": "https://bugzilla.suse.com/1087437"
},
{
"category": "self",
"summary": "SUSE Bug 1087440",
"url": "https://bugzilla.suse.com/1087440"
},
{
"category": "self",
"summary": "SUSE Bug 1087441",
"url": "https://bugzilla.suse.com/1087441"
},
{
"category": "self",
"summary": "SUSE Bug 1112530",
"url": "https://bugzilla.suse.com/1112530"
},
{
"category": "self",
"summary": "SUSE Bug 1112532",
"url": "https://bugzilla.suse.com/1112532"
},
{
"category": "self",
"summary": "SUSE Bug 1130028",
"url": "https://bugzilla.suse.com/1130028"
},
{
"category": "self",
"summary": "SUSE Bug 1130611",
"url": "https://bugzilla.suse.com/1130611"
},
{
"category": "self",
"summary": "SUSE Bug 1130617",
"url": "https://bugzilla.suse.com/1130617"
},
{
"category": "self",
"summary": "SUSE Bug 1130620",
"url": "https://bugzilla.suse.com/1130620"
},
{
"category": "self",
"summary": "SUSE Bug 1130622",
"url": "https://bugzilla.suse.com/1130622"
},
{
"category": "self",
"summary": "SUSE Bug 1130623",
"url": "https://bugzilla.suse.com/1130623"
},
{
"category": "self",
"summary": "SUSE Bug 1130627",
"url": "https://bugzilla.suse.com/1130627"
},
{
"category": "self",
"summary": "SUSE Bug 1133790",
"url": "https://bugzilla.suse.com/1133790"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17742 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000073 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000075 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000076 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000077 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000078 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000079 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6914 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8777 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8778 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8779 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8780 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8320 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8321 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8322 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8323 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8324 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8325 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8325/"
}
],
"title": "Security update for ruby-bundled-gems-rpmhelper, ruby2.5",
"tracking": {
"current_release_date": "2019-07-21T05:37:45Z",
"generator": {
"date": "2019-07-21T05:37:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1771-1",
"initial_release_date": "2019-07-21T05:37:45Z",
"revision_history": [
{
"date": "2019-07-21T05:37:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"product": {
"name": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"product_id": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"product": {
"name": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"product_id": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"product_id": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"product_id": "ruby2.5-2.5.5-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"product_id": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"product_id": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"product_id": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"product": {
"name": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"product_id": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch"
},
"product_reference": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch"
},
"product_reference": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch"
},
"product_reference": "ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch"
},
"product_reference": "ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-17742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17742"
}
],
"notes": [
{
"category": "general",
"text": "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17742",
"url": "https://www.suse.com/security/cve/CVE-2017-17742"
},
{
"category": "external",
"summary": "SUSE Bug 1087434 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1087434"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1136906"
},
{
"category": "external",
"summary": "SUSE Bug 1152992 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1152992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-17742"
},
{
"cve": "CVE-2018-1000073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000073"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000073",
"url": "https://www.suse.com/security/cve/CVE-2018-1000073"
},
{
"category": "external",
"summary": "SUSE Bug 1082007 for CVE-2018-1000073",
"url": "https://bugzilla.suse.com/1082007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000073"
},
{
"cve": "CVE-2018-1000074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000074"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000074",
"url": "https://www.suse.com/security/cve/CVE-2018-1000074"
},
{
"category": "external",
"summary": "SUSE Bug 1082008 for CVE-2018-1000074",
"url": "https://bugzilla.suse.com/1082008"
},
{
"category": "external",
"summary": "SUSE Bug 1175764 for CVE-2018-1000074",
"url": "https://bugzilla.suse.com/1175764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2018-1000074"
},
{
"cve": "CVE-2018-1000075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000075"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000075",
"url": "https://www.suse.com/security/cve/CVE-2018-1000075"
},
{
"category": "external",
"summary": "SUSE Bug 1082014 for CVE-2018-1000075",
"url": "https://bugzilla.suse.com/1082014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "low"
}
],
"title": "CVE-2018-1000075"
},
{
"cve": "CVE-2018-1000076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000076"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000076",
"url": "https://www.suse.com/security/cve/CVE-2018-1000076"
},
{
"category": "external",
"summary": "SUSE Bug 1082009 for CVE-2018-1000076",
"url": "https://bugzilla.suse.com/1082009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000076"
},
{
"cve": "CVE-2018-1000077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000077"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000077",
"url": "https://www.suse.com/security/cve/CVE-2018-1000077"
},
{
"category": "external",
"summary": "SUSE Bug 1082010 for CVE-2018-1000077",
"url": "https://bugzilla.suse.com/1082010"
},
{
"category": "external",
"summary": "SUSE Bug 1183937 for CVE-2018-1000077",
"url": "https://bugzilla.suse.com/1183937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000077"
},
{
"cve": "CVE-2018-1000078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000078"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000078",
"url": "https://www.suse.com/security/cve/CVE-2018-1000078"
},
{
"category": "external",
"summary": "SUSE Bug 1082011 for CVE-2018-1000078",
"url": "https://bugzilla.suse.com/1082011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000078"
},
{
"cve": "CVE-2018-1000079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000079"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000079",
"url": "https://www.suse.com/security/cve/CVE-2018-1000079"
},
{
"category": "external",
"summary": "SUSE Bug 1082058 for CVE-2018-1000079",
"url": "https://bugzilla.suse.com/1082058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000079"
},
{
"cve": "CVE-2018-16395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16395"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16395",
"url": "https://www.suse.com/security/cve/CVE-2018-16395"
},
{
"category": "external",
"summary": "SUSE Bug 1112530 for CVE-2018-16395",
"url": "https://bugzilla.suse.com/1112530"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-16395",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2018-16395"
},
{
"cve": "CVE-2018-16396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16396"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16396",
"url": "https://www.suse.com/security/cve/CVE-2018-16396"
},
{
"category": "external",
"summary": "SUSE Bug 1112532 for CVE-2018-16396",
"url": "https://bugzilla.suse.com/1112532"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-16396",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-16396"
},
{
"cve": "CVE-2018-6914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6914"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6914",
"url": "https://www.suse.com/security/cve/CVE-2018-6914"
},
{
"category": "external",
"summary": "SUSE Bug 1087441 for CVE-2018-6914",
"url": "https://bugzilla.suse.com/1087441"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-6914",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "low"
}
],
"title": "CVE-2018-6914"
},
{
"cve": "CVE-2018-8777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8777"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8777",
"url": "https://www.suse.com/security/cve/CVE-2018-8777"
},
{
"category": "external",
"summary": "SUSE Bug 1087436 for CVE-2018-8777",
"url": "https://bugzilla.suse.com/1087436"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8777",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2018-8777"
},
{
"cve": "CVE-2018-8778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8778"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8778",
"url": "https://www.suse.com/security/cve/CVE-2018-8778"
},
{
"category": "external",
"summary": "SUSE Bug 1087433 for CVE-2018-8778",
"url": "https://bugzilla.suse.com/1087433"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8778",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-8778"
},
{
"cve": "CVE-2018-8779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8779"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8779",
"url": "https://www.suse.com/security/cve/CVE-2018-8779"
},
{
"category": "external",
"summary": "SUSE Bug 1087440 for CVE-2018-8779",
"url": "https://bugzilla.suse.com/1087440"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8779",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "low"
}
],
"title": "CVE-2018-8779"
},
{
"cve": "CVE-2018-8780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8780"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8780",
"url": "https://www.suse.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "SUSE Bug 1087437 for CVE-2018-8780",
"url": "https://bugzilla.suse.com/1087437"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8780",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "low"
}
],
"title": "CVE-2018-8780"
},
{
"cve": "CVE-2019-8320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8320"
}
],
"notes": [
{
"category": "general",
"text": "A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user\u0027s machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8320",
"url": "https://www.suse.com/security/cve/CVE-2019-8320"
},
{
"category": "external",
"summary": "SUSE Bug 1130627 for CVE-2019-8320",
"url": "https://bugzilla.suse.com/1130627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8320"
},
{
"cve": "CVE-2019-8321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8321"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8321",
"url": "https://www.suse.com/security/cve/CVE-2019-8321"
},
{
"category": "external",
"summary": "SUSE Bug 1130623 for CVE-2019-8321",
"url": "https://bugzilla.suse.com/1130623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8321"
},
{
"cve": "CVE-2019-8322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8322"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8322",
"url": "https://www.suse.com/security/cve/CVE-2019-8322"
},
{
"category": "external",
"summary": "SUSE Bug 1130622 for CVE-2019-8322",
"url": "https://bugzilla.suse.com/1130622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8322"
},
{
"cve": "CVE-2019-8323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8323"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8323",
"url": "https://www.suse.com/security/cve/CVE-2019-8323"
},
{
"category": "external",
"summary": "SUSE Bug 1130620 for CVE-2019-8323",
"url": "https://bugzilla.suse.com/1130620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8323"
},
{
"cve": "CVE-2019-8324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8324"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8324",
"url": "https://www.suse.com/security/cve/CVE-2019-8324"
},
{
"category": "external",
"summary": "SUSE Bug 1130617 for CVE-2019-8324",
"url": "https://bugzilla.suse.com/1130617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8324"
},
{
"cve": "CVE-2019-8325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8325"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8325",
"url": "https://www.suse.com/security/cve/CVE-2019-8325"
},
{
"category": "external",
"summary": "SUSE Bug 1130611 for CVE-2019-8325",
"url": "https://bugzilla.suse.com/1130611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.0:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.0:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.0:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1.noarch",
"openSUSE Leap 15.1:ruby2.5-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.5-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.5-lp151.4.3.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.5-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:37:45Z",
"details": "important"
}
],
"title": "CVE-2019-8325"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…