ruby2.5 (SUSE:Linux Enterprise High Performance Computing 15-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15-LTSS package ruby2.5, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2019-16255 — CVSS 8.1 (high): Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument)…
CVE-2022-28739 — CVSS 7.5 (high): There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in…
CVE-2019-16201 — CVSS 7.5 (high): WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of…
CVE-2020-25613 — CVSS 7.5 (high): An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with…
CVE-2021-41817 — CVSS 7.5 (high): Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions…
CVE-2021-32066 — CVSS 7.4 (high): An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when…
CVE-2021-31799 — CVSS 7.0 (high): In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a…
CVE-2019-15845 — CVSS 6.5 (medium): Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CVE-2020-8130 — CVSS 6.4 (medium): There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe…
CVE-2012-6708 — CVSS 6.1 (medium): jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors…
CVE-2015-9251 — CVSS 6.1 (medium): jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType…
CVE-2021-31810 — CVSS 5.8 (medium): An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response…
CVE-2019-16254 — CVSS 5.3 (medium): Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts…