Count: 39

Vulnerability | CVSS | EPSS | Published
---|---|---|---
RLSA-2021:3020 Important: ruby:2.7 security update | | | almost 4 years ago
ELSA-2021-3020 ELSA-2021-3020: ruby:2.7 security update (IMPORTANT) | | | almost 4 years ago
RLSA-2022:0543 Important: ruby:2.6 security update | | | more than 3 years ago
ELSA-2022-0543 ELSA-2022-0543: ruby:2.6 security update (IMPORTANT) | | | more than 3 years ago
openSUSE-SU-2021:3838-1 Security update for ruby2.5 | | | more than 3 years ago
openSUSE-SU-2021:1535-1 Security update for ruby2.5 | | | more than 3 years ago
SUSE-SU-2021:3838-1 Security update for ruby2.5 | | | more than 3 years ago
RLSA-2022:0672 Moderate: ruby:2.5 security update | | | more than 3 years ago
ELSA-2022-0672 ELSA-2022-0672: ruby:2.5 security update (MODERATE) | | | more than 3 years ago
ELSA-2022-0672-1 ELSA-2022-0672-1: ruby:2.5 security update (MODERATE) | | | more than 3 years ago
SUSE-SU-2021:3837-1 Security update for ruby2.1 | | | more than 3 years ago
SUSE-SU-2022:1512-1 Security update for ruby2.5 | | | about 3 years ago
ROS-20240723-03 Multiple vulnerabilities in ruby | CVSS3: 6.5 | | 11 months ago
CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Low | almost 4 years ago
CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Low | almost 4 years ago
CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Low | almost 4 years ago
CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ... | CVSS3: 7.4 | 0% Low | almost 4 years ago
GHSA-gx49-h5r3-q3xj An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Low | about 3 years ago
BDU:2021-04264 Vulnerability in the Net::IMAP class implementation of the Ruby interpreter that allows an attacker to carry out a man-in-the-middle attack | CVSS3: 6.5 | 0% Low | about 4 years ago
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | CVSS3: 8.8 | 12% Medium | about 4 years ago