Количество 11
Количество 11
GHSA-mmrq-6999-72v8
Ruby Openssl Allows Incorrect Value Comparison
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16395
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ...
ELSA-2018-3738
ELSA-2018-3738: ruby security update (IMPORTANT)
BDU:2019-03218
Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить подделку сертификата X509
openSUSE-SU-2019:1771-1
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
SUSE-SU-2019:1804-1
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
SUSE-SU-2020:1570-1
Security update for ruby2.1
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-mmrq-6999-72v8 Ruby Openssl Allows Incorrect Value Comparison | CVSS3: 9.8 | 4% Низкий | больше 3 лет назад |
 | CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | CVSS3: 9.8 | 4% Низкий | почти 7 лет назад |
 | CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | CVSS3: 7.5 | 4% Низкий | около 7 лет назад |
 | CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | CVSS3: 9.8 | 4% Низкий | почти 7 лет назад |
 | CVSS3: 9.8 | 4% Низкий | около 5 лет назад | |
| CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ... | CVSS3: 9.8 | 4% Низкий | почти 7 лет назад |
| ELSA-2018-3738 ELSA-2018-3738: ruby security update (IMPORTANT) | почти 7 лет назад | ||
 | BDU:2019-03218 Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить подделку сертификата X509 | CVSS3: 9.8 | 4% Низкий | около 7 лет назад |
 | openSUSE-SU-2019:1771-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5 | больше 6 лет назад | ||
| SUSE-SU-2019:1804-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5 | больше 6 лет назад | ||
| SUSE-SU-2020:1570-1 Security update for ruby2.1 | больше 5 лет назад |
Уязвимостей на страницу