Created
December 2, 2022 13:14
-
-
Save rootcfg/d35ffc9f2ec7ccf0dfad97d937f14008 to your computer and use it in GitHub Desktop.
9.4.0.0_CVE
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Dependency-Check Report</title> | |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
<link rel="shortcut icon" href="data:;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAVLSURBVFhHvZdvbFRFEMB3913v9Vr+FKUNRdtrewg1lQgRE0gMYkJSowYMwcSPkGDwg8ZigMR+UYzGaIuAEj+R+IfE+EUlRL+QYAwhGBMqkFQDpO1xd/YPBaSU9u767r0dZ5a513vtXVsq8Zcsb3bu9c3szuzsIMU8iEaj5fhYJlzRYCkZ7Utd+wbnQL+Nd0TeoyeAPLFgf/oiyTNxXw6g4WUhTz4JEtaiNXLCEE8l3seHJjlzsOJHfLxMsgHE4cje9B6eTUPxc0ZoxbFHG1qVFq9rCRsKjc+KFG3oFGQ6Kw6xJsCsDqDxNZYWbWSYVUFAJFkyaA2XWAxiHIlcGPukYg1rDCVDQKsOadmqBaxllY8CuKHBuqOlHlNKufFk/GdUmxxoeqTpMbBg1dGXRlZtqHc2R8rgedIXgk4eqNyXMblS1AE2vhWNP84qAxl2hewno6wyFHOAZOLAc6PRbU+kd2OyrmbVPTg3pjlQzDgazGmh40rKMY3LZrVBCi/Tl0z+gqJxYGV9fWNOWC0kF3Jm1/C2pZWwk6cG2olpOcDb7hsHgLQGcUWAGs0bV1K7EuSQFbbOLKmuPkOvkZ64mkzG8bXz5BirDBuP1fzQP6I+5yl9eAS9vxjYAVz9esx0P2a0ck+73VKGPFaR8Vtpx7k0ODiYZlVJmpcvfzirwi1SyUWsMiF5ZXX6A1zJzsq9mRO+A7T1lO2BIyZVN/6bJZFWnQO4Wl1dnerq6sqRbq401TWtw9qxjGT6zhfbs3+0Hrw+THPfgVhdA8Xdz3j84RpIdZOngrY1kUgMOR3lG1kVREkHhBp3smJ4wdLmf+TuoJOxuroW3NI6zN6L9B1W33MAV1+FW99mNIgUclBaYtCPObjx3lTqT5KxqJyk52y4nv5u4f7stzzNY+Hww0ncS0JXBIoDWryRN07JVlVTc9Xo74OQpV7F6ndk5CO7iVVEwDihVqxYYVtKrOc5bckIgHJIpnhl3MxfpWIuJZyWAMdo0Io1AOXMJFI0hm3VzrOiYG2BmsLEAz0Zd9DWzZmyHd/tLt+bOUmDthuzun3C8dryjqCDdzF5tqcPRr40f1AElcvl6lgmJkC5d1kWYS8bZ3HOVL0z0TcKiz70tBjAML4opVgsoeB2nIJyXfeKJfRxGo52j4ds+xwWmN9t1/7t8sDALX7vvqjdd31cChgi40YhZdXUSyiPGkAjPalUL43+/v6/e3p6btC4PHB5XsZ9sMqxZJAWbGIxwJz6gfkAWl5jcUYUbU1+3D60uIp0PPwiNR/wZAW3HERRh5Sy4C3LEhdoiAn368b6xhdoxKLRVn5nXmDpfZZFg7J00f5QgRYJlkV5GWyJVnk2yRpUKBaLFZ6QOYMFaAdW0x08xcXDr5E9E8V3wAmFD7NseO3pMf8uh1xuJYuzQuGjMJreT4rJc4/XrvZk6aZ0yZ47WPkm47M55mxnET23IrW1tRU8DUBFBlf2faYzcptGuefETRix9+NXDNhLHJmpPTenAON1xMyQRbZevaV5ooanwrbsdSz6kPF8kaEz7o9CqOEAvPO59yuFccBR4a/MjGnfNDp5M2IzgQnpd8QB41NBoxRvarWyVrgRe77Ad4vhHzX6H41S8l2eitO9ZR+/+dNDZ3lqbsW+VN/52x12YxlY04xbZd5IqUSbCd8BSiLby13AlTWwSnx6tvKNY10LzCmhm7E3kTiFYqAp/a/4lZCSUYIX6Frffmb86K6nxqJknDoZVD1Q48S0ajc1FBTXU8mFzVs/G77OmgdK0XLLZ7nNnGHuXvmn/w9yYrwzUvIefzAI8S83C2sS1J4rmAAAAABJRU5ErkJggg==" /> | |
<script type="text/javascript"> | |
/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */ | |
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document,k=0,r=0,m=ue(),x=ue(),A=ue(),N=ue(),D=function(e,t){return e===t&&(l=!0),0},j={}.hasOwnProperty,t=[],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",I="(?:\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+",W="\\["+M+"*("+I+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+I+"))|)"+M+"*\\]",F=":("+I+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+W+")*)|.*)\\)|)",B=new RegExp(M+"+","g"),$=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),_=new RegExp("^"+M+"*,"+M+"*"),z=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="<a id='"+S+"'></a><select id='"+S+"-\r\\' msallowcapture=''><option selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0<se(t,C,null,[e]).length},se.contains=function(e,t){return(e.ownerDocument||e)!=C&&T(e),y(e,t)},se.attr=function(e,t){(e.ownerDocument||e)!=C&&T(e);var n=b.attrHandle[t.toLowerCase()],r=n&&j.call(b.attrHandle,t.toLowerCase())?n(e,t,!E):void 0;return void 0!==r?r:d.attributes||!E?e.getAttribute(t):(r=e.getAttributeNode(t))&&r.specified?r.value:null},se.escape=function(e){return(e+"").replace(re,ie)},se.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},se.uniqueSort=function(e){var t,n=[],r=0,i=0;if(l=!d.detectDuplicates,u=!d.sortStable&&e.slice(0),e.sort(D),l){while(t=e[i++])t===e[i]&&(r=n.push(i));while(r--)e.splice(n[r],1)}return u=null,e},o=se.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else while(t=e[r++])n+=o(t);return n},(b=se.selectors={cacheLength:50,createPseudo:le,match:G,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1<t.indexOf(i):"$="===r?i&&t.slice(-i.length)===i:"~="===r?-1<(" "+t.replace(B," ")+" ").indexOf(i):"|="===r&&(t===i||t.slice(0,i.length+1)===i+"-"))}},CHILD:function(h,e,t,g,v){var y="nth"!==h.slice(0,3),m="last"!==h.slice(-4),x="of-type"===e;return 1===g&&0===v?function(e){return!!e.parentNode}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if(1===a.nodeType&&++d&&a===e){i[h]=[k,s,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]=[k,d]),a===e))break;return(d-=v)===g||d%g==0&&0<=d/g}}},PSEUDO:function(e,o){var t,a=b.pseudos[e]||b.setFilters[e.toLowerCase()]||se.error("unsupported pseudo: "+e);return a[S]?a(o):1<a.length?(t=[e,e,"",o],b.setFilters.hasOwnProperty(e.toLowerCase())?le(function(e,t){var n,r=a(e,o),i=r.length;while(i--)e[n=P(e,r[i])]=!(t[n]=r[i])}):function(e){return a(e,0,t)}):a}},pseudos:{not:le(function(e){var r=[],i=[],s=f(e.replace($,"$1"));return s[S]?le(function(e,t,n,r){var i,o=s(e,null,r,[]),a=e.length;while(a--)(i=o[a])&&(e[a]=!(t[a]=i))}):function(e,t,n){return r[0]=e,s(r,null,n,i),r[0]=null,!i.pop()}}),has:le(function(t){return function(e){return 0<se(t,e).length}}),contains:le(function(t){return t=t.replace(te,ne),function(e){return-1<(e.textContent||o(e)).indexOf(t)}}),lang:le(function(n){return V.test(n||"")||se.error("unsupported lang: "+n),n=n.replace(te,ne).toLowerCase(),function(e){var t;do{if(t=E?e.lang:e.getAttribute("xml:lang")||e.getAttribute("lang"))return(t=t.toLowerCase())===n||0===t.indexOf(n+"-")}while((e=e.parentNode)&&1===e.nodeType);return!1}}),target:function(e){var t=n.location&&n.location.hash;return t&&t.slice(1)===e.id},root:function(e){return e===a},focus:function(e){return e===C.activeElement&&(!C.hasFocus||C.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:ge(!1),disabled:ge(!0),checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,!0===e.selected},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeType<6)return!1;return!0},parent:function(e){return!b.pseudos.empty(e)},header:function(e){return J.test(e.nodeName)},input:function(e){return Q.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},first:ve(function(){return[0]}),last:ve(function(e,t){return[t-1]}),eq:ve(function(e,t,n){return[n<0?n+t:n]}),even:ve(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:ve(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:ve(function(e,t,n){for(var r=n<0?n+t:t<n?t:n;0<=--r;)e.push(r);return e}),gt:ve(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}}).pseudos.nth=b.pseudos.eq,{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})b.pseudos[e]=de(e);for(e in{submit:!0,reset:!0})b.pseudos[e]=he(e);function me(){}function xe(e){for(var t=0,n=e.length,r="";t<n;t++)r+=e[t].value;return r}function be(s,e,t){var u=e.dir,l=e.next,c=l||u,f=t&&"parentNode"===c,p=r++;return e.first?function(e,t,n){while(e=e[u])if(1===e.nodeType||f)return s(e,t,n);return!1}:function(e,t,n){var r,i,o,a=[k,p];if(n){while(e=e[u])if((1===e.nodeType||f)&&s(e,t,n))return!0}else while(e=e[u])if(1===e.nodeType||f)if(i=(o=e[S]||(e[S]={}))[e.uniqueID]||(o[e.uniqueID]={}),l&&l===e.nodeName.toLowerCase())e=e[u]||e;else{if((r=i[c])&&r[0]===k&&r[1]===p)return a[2]=r[2];if((i[c]=a)[2]=s(e,t,n))return!0}return!1}}function we(i){return 1<i.length?function(e,t,n){var r=i.length;while(r--)if(!i[r](e,t,n))return!1;return!0}:i[0]}function Te(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;s<u;s++)(o=e[s])&&(n&&!n(o,r,i)||(a.push(o),l&&t.push(s)));return a}function Ce(d,h,g,v,y,e){return v&&!v[S]&&(v=Ce(v)),y&&!y[S]&&(y=Ce(y,e)),le(function(e,t,n,r){var i,o,a,s=[],u=[],l=t.length,c=e||function(e,t,n){for(var r=0,i=t.length;r<i;r++)se(e,t[r],n);return n}(h||"*",n.nodeType?[n]:n,[]),f=!d||!e&&h?c:Te(c,s,d,n,r),p=g?y||(e?d:l||v)?[]:t:f;if(g&&g(f,p,n,r),v){i=Te(p,u),v(i,[],n,r),o=i.length;while(o--)(a=i[o])&&(p[u[o]]=!(f[u[o]]=a))}if(e){if(y||d){if(y){i=[],o=p.length;while(o--)(a=p[o])&&i.push(f[o]=a);y(null,p=[],i,r)}o=p.length;while(o--)(a=p[o])&&-1<(i=y?P(e,a):s[o])&&(e[i]=!(t[i]=a))}}else p=Te(p===t?p.splice(l,p.length):p),y?y(null,t,p,r):H.apply(t,p)})}function Ee(e){for(var i,t,n,r=e.length,o=b.relative[e[0].type],a=o||b.relative[" "],s=o?1:0,u=be(function(e){return e===i},a,!0),l=be(function(e){return-1<P(i,e)},a,!0),c=[function(e,t,n){var r=!o&&(n||t!==w)||((i=t).nodeType?u(e,t,n):l(e,t,n));return i=null,r}];s<r;s++)if(t=b.relative[e[s].type])c=[be(we(c),t)];else{if((t=b.filter[e[s].type].apply(null,e[s].matches))[S]){for(n=++s;n<r;n++)if(b.relative[e[n].type])break;return Ce(1<s&&we(c),1<s&&xe(e.slice(0,s-1).concat({value:" "===e[s-2].type?"*":""})).replace($,"$1"),t,s<n&&Ee(e.slice(s,n)),n<r&&Ee(e=e.slice(n)),n<r&&xe(e))}c.push(t)}return we(c)}return me.prototype=b.filters=b.pseudos,b.setFilters=new me,h=se.tokenize=function(e,t){var n,r,i,o,a,s,u,l=x[e+" "];if(l)return t?0:l.slice(0);a=e,s=[],u=b.preFilter;while(a){for(o in n&&!(r=_.exec(a))||(r&&(a=a.slice(r[0].length)||a),s.push(i=[])),n=!1,(r=z.exec(a))&&(n=r.shift(),i.push({value:n,type:r[0].replace($," ")}),a=a.slice(n.length)),b.filter)!(r=G[o].exec(a))||u[o]&&!(r=u[o](r))||(n=r.shift(),i.push({value:n,type:o,matches:r}),a=a.slice(n.length));if(!n)break}return t?a.length:a?se.error(e):x(e,s).slice(0)},f=se.compile=function(e,t){var n,v,y,m,x,r,i=[],o=[],a=A[e+" "];if(!a){t||(t=h(e)),n=t.length;while(n--)(a=Ee(t[n]))[S]?i.push(a):o.push(a);(a=A(e,(v=o,m=0<(y=i).length,x=0<v.length,r=function(e,t,n,r,i){var o,a,s,u=0,l="0",c=e&&[],f=[],p=w,d=e||x&&b.find.TAG("*",i),h=k+=null==p?1:Math.random()||.1,g=d.length;for(i&&(w=t==C||t||i);l!==g&&null!=(o=d[l]);l++){if(x&&o){a=0,t||o.ownerDocument==C||(T(o),n=!E);while(s=v[a++])if(s(o,t||C,n)){r.push(o);break}i&&(k=h)}m&&((o=!s&&o)&&u--,e&&c.push(o))}if(u+=l,m&&l!==u){a=0;while(s=y[a++])s(c,f,t,n);if(e){if(0<u)while(l--)c[l]||f[l]||(f[l]=q.call(r));f=Te(f)}H.apply(r,f),i&&!e&&0<f.length&&1<u+y.length&&se.uniqueSort(r)}return i&&(k=h,w=p),c},m?le(r):r))).selector=e}return a},g=se.select=function(e,t,n,r){var i,o,a,s,u,l="function"==typeof e&&e,c=!r&&h(e=l.selector||e);if(n=n||[],1===c.length){if(2<(o=c[0]=c[0].slice(0)).length&&"ID"===(a=o[0]).type&&9===t.nodeType&&E&&b.relative[o[1].type]){if(!(t=(b.find.ID(a.matches[0].replace(te,ne),t)||[])[0]))return n;l&&(t=t.parentNode),e=e.slice(o.shift().value.length)}i=G.needsContext.test(e)?0:o.length;while(i--){if(a=o[i],b.relative[s=a.type])break;if((u=b.find[s])&&(r=u(a.matches[0].replace(te,ne),ee.test(o[0].type)&&ye(t.parentNode)||t))){if(o.splice(i,1),!(e=r.length&&xe(o)))return H.apply(n,r),n;break}}}return(l||f(e,c))(r,t,!E,n,!t||ee.test(e)&&ye(t.parentNode)||t),n},d.sortStable=S.split("").sort(D).join("")===S,d.detectDuplicates=!!l,T(),d.sortDetached=ce(function(e){return 1&e.compareDocumentPosition(C.createElement("fieldset"))}),ce(function(e){return e.innerHTML="<a href='#'></a>","#"===e.firstChild.getAttribute("href")})||fe("type|href|height|width",function(e,t,n){if(!n)return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}),d.attributes&&ce(function(e){return e.innerHTML="<input/>",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||fe("value",function(e,t,n){if(!n&&"input"===e.nodeName.toLowerCase())return e.defaultValue}),ce(function(e){return null==e.getAttribute("disabled")})||fe(R,function(e,t,n){var r;if(!n)return!0===e[t]?t.toLowerCase():(r=e.getAttributeNode(t))&&r.specified?r.value:null}),se}(C);S.find=d,S.expr=d.selectors,S.expr[":"]=S.expr.pseudos,S.uniqueSort=S.unique=d.uniqueSort,S.text=d.getText,S.isXMLDoc=d.isXML,S.contains=d.contains,S.escapeSelector=d.escape;var h=function(e,t,n){var r=[],i=void 0!==n;while((e=e[t])&&9!==e.nodeType)if(1===e.nodeType){if(i&&S(e).is(n))break;r.push(e)}return r},T=function(e,t){for(var n=[];e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n},k=S.expr.match.needsContext;function A(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}var N=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function D(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1<i.call(n,e)!==r}):S.filter(n,e,r)}S.filter=function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?S.find.matchesSelector(r,e)?[r]:[]:S.find.matches(e,S.grep(t,function(e){return 1===e.nodeType}))},S.fn.extend({find:function(e){var t,n,r=this.length,i=this;if("string"!=typeof e)return this.pushStack(S(e).filter(function(){for(t=0;t<r;t++)if(S.contains(i[t],this))return!0}));for(n=this.pushStack([]),t=0;t<r;t++)S.find(e,i[t],n);return 1<r?S.uniqueSort(n):n},filter:function(e){return this.pushStack(D(this,e||[],!1))},not:function(e){return this.pushStack(D(this,e||[],!0))},is:function(e){return!!D(this,"string"==typeof e&&k.test(e)?S(e):e||[],!1).length}});var j,q=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||j,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,j=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e<n;e++)if(S.contains(this,t[e]))return!0})},closest:function(e,t){var n,r=0,i=this.length,o=[],a="string"!=typeof e&&S(e);if(!k.test(e))for(;r<i;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(n.nodeType<11&&(a?-1<a.index(n):1===n.nodeType&&S.find.matchesSelector(n,e))){o.push(n);break}return this.pushStack(1<o.length?S.uniqueSort(o):o)},index:function(e){return e?"string"==typeof e?i.call(S(e),this[0]):i.call(this,e.jquery?e[0]:e):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){return this.pushStack(S.uniqueSort(S.merge(this.get(),S(e,t))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),S.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return h(e,"parentNode")},parentsUntil:function(e,t,n){return h(e,"parentNode",n)},next:function(e){return O(e,"nextSibling")},prev:function(e){return O(e,"previousSibling")},nextAll:function(e){return h(e,"nextSibling")},prevAll:function(e){return h(e,"previousSibling")},nextUntil:function(e,t,n){return h(e,"nextSibling",n)},prevUntil:function(e,t,n){return h(e,"previousSibling",n)},siblings:function(e){return T((e.parentNode||{}).firstChild,e)},children:function(e){return T(e.firstChild)},contents:function(e){return null!=e.contentDocument&&r(e.contentDocument)?e.contentDocument:(A(e,"template")&&(e=e.content||e),S.merge([],e.childNodes))}},function(r,i){S.fn[r]=function(e,t){var n=S.map(this,i,e);return"Until"!==r.slice(-5)&&(t=e),t&&"string"==typeof t&&(n=S.filter(t,n)),1<this.length&&(H[r]||S.uniqueSort(n),L.test(r)&&n.reverse()),this.pushStack(n)}});var P=/[^\x20\t\r\n\f]+/g;function R(e){return e}function M(e){throw e}function I(e,t,n,r){var i;try{e&&m(i=e.promise)?i.call(e).done(t).fail(n):e&&m(i=e.then)?i.call(e,t,n):t.apply(void 0,[e].slice(r))}catch(e){n.apply(void 0,[e])}}S.Callbacks=function(r){var e,n;r="string"==typeof r?(e=r,n={},S.each(e.match(P)||[],function(e,t){n[t]=!0}),n):S.extend({},r);var i,t,o,a,s=[],u=[],l=-1,c=function(){for(a=a||r.once,o=i=!0;u.length;l=-1){t=u.shift();while(++l<s.length)!1===s[l].apply(t[0],t[1])&&r.stopOnFalse&&(l=s.length,t=!1)}r.memory||(t=!1),i=!1,a&&(s=t?[]:"")},f={add:function(){return s&&(t&&!i&&(l=s.length-1,u.push(t)),function n(e){S.each(e,function(e,t){m(t)?r.unique&&f.has(t)||s.push(t):t&&t.length&&"string"!==w(t)&&n(t)})}(arguments),t&&!i&&c()),this},remove:function(){return S.each(arguments,function(e,t){var n;while(-1<(n=S.inArray(t,s,n)))s.splice(n,1),n<=l&&l--}),this},has:function(e){return e?-1<S.inArray(e,s):0<s.length},empty:function(){return s&&(s=[]),this},disable:function(){return a=u=[],s=t="",this},disabled:function(){return!s},lock:function(){return a=u=[],t||i||(s=t=""),this},locked:function(){return!!a},fireWith:function(e,t){return a||(t=[e,(t=t||[]).slice?t.slice():t],u.push(t),i||c()),this},fire:function(){return f.fireWith(this,arguments),this},fired:function(){return!!o}};return f},S.extend({Deferred:function(e){var o=[["notify","progress",S.Callbacks("memory"),S.Callbacks("memory"),2],["resolve","done",S.Callbacks("once memory"),S.Callbacks("once memory"),0,"resolved"],["reject","fail",S.Callbacks("once memory"),S.Callbacks("once memory"),1,"rejected"]],i="pending",a={state:function(){return i},always:function(){return s.done(arguments).fail(arguments),this},"catch":function(e){return a.then(null,e)},pipe:function(){var i=arguments;return S.Deferred(function(r){S.each(o,function(e,t){var n=m(i[t[4]])&&i[t[4]];s[t[1]](function(){var e=n&&n.apply(this,arguments);e&&m(e.promise)?e.promise().progress(r.notify).done(r.resolve).fail(r.reject):r[t[0]+"With"](this,n?[e]:arguments)})}),i=null}).promise()},then:function(t,n,r){var u=0;function l(i,o,a,s){return function(){var n=this,r=arguments,e=function(){var e,t;if(!(i<u)){if((e=a.apply(n,r))===o.promise())throw new TypeError("Thenable self-resolution");t=e&&("object"==typeof e||"function"==typeof e)&&e.then,m(t)?s?t.call(e,l(u,o,R,s),l(u,o,M,s)):(u++,t.call(e,l(u,o,R,s),l(u,o,M,s),l(u,o,R,o.notifyWith))):(a!==R&&(n=void 0,r=[e]),(s||o.resolveWith)(n,r))}},t=s?e:function(){try{e()}catch(e){S.Deferred.exceptionHook&&S.Deferred.exceptionHook(e,t.stackTrace),u<=i+1&&(a!==M&&(n=void 0,r=[e]),o.rejectWith(n,r))}};i?t():(S.Deferred.getStackHook&&(t.stackTrace=S.Deferred.getStackHook()),C.setTimeout(t))}}return S.Deferred(function(e){o[0][3].add(l(0,e,m(r)?r:R,e.notifyWith)),o[1][3].add(l(0,e,m(t)?t:R)),o[2][3].add(l(0,e,m(n)?n:M))}).promise()},promise:function(e){return null!=e?S.extend(e,a):a}},s={};return S.each(o,function(e,t){var n=t[2],r=t[5];a[t[1]]=n.add,r&&n.add(function(){i=r},o[3-e][2].disable,o[3-e][3].disable,o[0][2].lock,o[0][3].lock),n.add(t[3].fire),s[t[0]]=function(){return s[t[0]+"With"](this===s?void 0:this,arguments),this},s[t[0]+"With"]=n.fireWith}),a.promise(s),e&&e.call(s,s),s},when:function(e){var n=arguments.length,t=n,r=Array(t),i=s.call(arguments),o=S.Deferred(),a=function(t){return function(e){r[t]=this,i[t]=1<arguments.length?s.call(arguments):e,--n||o.resolveWith(r,i)}};if(n<=1&&(I(e,o.done(a(t)).resolve,o.reject,!n),"pending"===o.state()||m(i[t]&&i[t].then)))return o.then();while(t--)I(i[t],a(t),o.reject);return o.promise()}});var W=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;S.Deferred.exceptionHook=function(e,t){C.console&&C.console.warn&&e&&W.test(e.name)&&C.console.warn("jQuery.Deferred exception: "+e.message,e.stack,t)},S.readyException=function(e){C.setTimeout(function(){throw e})};var F=S.Deferred();function B(){E.removeEventListener("DOMContentLoaded",B),C.removeEventListener("load",B),S.ready()}S.fn.ready=function(e){return F.then(e)["catch"](function(e){S.readyException(e)}),this},S.extend({isReady:!1,readyWait:1,ready:function(e){(!0===e?--S.readyWait:S.isReady)||(S.isReady=!0)!==e&&0<--S.readyWait||F.resolveWith(E,[S])}}),S.ready.then=F.then,"complete"===E.readyState||"loading"!==E.readyState&&!E.documentElement.doScroll?C.setTimeout(S.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t){return t.toUpperCase()}function X(e){return e.replace(_,"ms-").replace(z,U)}var V=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t||(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(e,t,n){var r,i=this.cache(e);if("string"==typeof t)i[X(t)]=n;else for(r in t)i[X(r)]=t[r];return i},get:function(e,t){return void 0===t?this.cache(e):e[this.expando]&&e[this.expando][X(t)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(e,t){var n,r=e[this.expando];if(void 0!==r){if(void 0!==t){n=(t=Array.isArray(t)?t.map(X):(t=X(t))in r?[t]:t.match(P)||[]).length;while(n--)delete r[t[n]]}(void 0===t||S.isEmptyObject(r))&&(e.nodeType?e[this.expando]=void 0:delete e[this.expando])}},hasData:function(e){var t=e[this.expando];return void 0!==t&&!S.isEmptyObject(t)}};var Y=new G,Q=new G,J=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,K=/[A-Z]/g;function Z(e,t,n){var r,i;if(void 0===n&&1===e.nodeType)if(r="data-"+t.replace(K,"-$&").toLowerCase(),"string"==typeof(n=e.getAttribute(r))){try{n="true"===(i=n)||"false"!==i&&("null"===i?null:i===+i+""?+i:J.test(i)?JSON.parse(i):i)}catch(e){}Q.set(e,t,n)}else n=void 0;return n}S.extend({hasData:function(e){return Q.hasData(e)||Y.hasData(e)},data:function(e,t,n){return Q.access(e,t,n)},removeData:function(e,t){Q.remove(e,t)},_data:function(e,t,n){return Y.access(e,t,n)},_removeData:function(e,t){Y.remove(e,t)}}),S.fn.extend({data:function(n,e){var t,r,i,o=this[0],a=o&&o.attributes;if(void 0===n){if(this.length&&(i=Q.get(o),1===o.nodeType&&!Y.get(o,"hasDataAttrs"))){t=a.length;while(t--)a[t]&&0===(r=a[t].name).indexOf("data-")&&(r=X(r.slice(5)),Z(o,r,i[r]));Y.set(o,"hasDataAttrs",!0)}return i}return"object"==typeof n?this.each(function(){Q.set(this,n)}):$(this,function(e){var t;if(o&&void 0===e)return void 0!==(t=Q.get(o,n))?t:void 0!==(t=Z(o,n))?t:void 0;this.each(function(){Q.set(this,n,e)})},null,e,1<arguments.length,null,!0)},removeData:function(e){return this.each(function(){Q.remove(this,e)})}}),S.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=Y.get(e,t),n&&(!r||Array.isArray(n)?r=Y.access(e,t,S.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=S.queue(e,t),r=n.length,i=n.shift(),o=S._queueHooks(e,t);"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,function(){S.dequeue(e,t)},o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return Y.get(e,n)||Y.access(e,n,{empty:S.Callbacks("once memory").add(function(){Y.remove(e,[t+"queue",n])})})}}),S.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?S.queue(this[0],t):void 0===n?this:this.each(function(){var e=S.queue(this,t,n);S._queueHooks(this,t),"fx"===t&&"inprogress"!==e[0]&&S.dequeue(this,t)})},dequeue:function(e){return this.each(function(){S.dequeue(this,e)})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,t){var n,r=1,i=S.Deferred(),o=this,a=this.length,s=function(){--r||i.resolveWith(o,[o])};"string"!=typeof e&&(t=e,e=void 0),e=e||"fx";while(a--)(n=Y.get(o[a],e+"queueHooks"))&&n.empty&&(r++,n.empty.add(s));return s(),i.promise(t)}});var ee=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,te=new RegExp("^(?:([+-])=|)("+ee+")([a-z%]*)$","i"),ne=["Top","Right","Bottom","Left"],re=E.documentElement,ie=function(e){return S.contains(e.ownerDocument,e)},oe={composed:!0};re.getRootNode&&(ie=function(e){return S.contains(e.ownerDocument,e)||e.getRootNode(oe)===e.ownerDocument});var ae=function(e,t){return"none"===(e=t||e).style.display||""===e.style.display&&ie(e)&&"none"===S.css(e,"display")};function se(e,t,n,r){var i,o,a=20,s=r?function(){return r.cur()}:function(){return S.css(e,t,"")},u=s(),l=n&&n[3]||(S.cssNumber[t]?"":"px"),c=e.nodeType&&(S.cssNumber[t]||"px"!==l&&+u)&&te.exec(S.css(e,t));if(c&&c[3]!==l){u/=2,l=l||c[3],c=+u||1;while(a--)S.style(e,t,c+l),(1-o)*(1-(o=s()/u||.5))<=0&&(a=0),c/=o;c*=2,S.style(e,t,c+l),n=n||[]}return n&&(c=+c||+u||0,i=n[1]?c+(n[1]+1)*n[2]:+n[2],r&&(r.unit=l,r.start=c,r.end=i)),i}var ue={};function le(e,t){for(var n,r,i,o,a,s,u,l=[],c=0,f=e.length;c<f;c++)(r=e[c]).style&&(n=r.style.display,t?("none"===n&&(l[c]=Y.get(r,"display")||null,l[c]||(r.style.display="")),""===r.style.display&&ae(r)&&(l[c]=(u=a=o=void 0,a=(i=r).ownerDocument,s=i.nodeName,(u=ue[s])||(o=a.body.appendChild(a.createElement(s)),u=S.css(o,"display"),o.parentNode.removeChild(o),"none"===u&&(u="block"),ue[s]=u)))):"none"!==n&&(l[c]="none",Y.set(r,"display",n)));for(c=0;c<f;c++)null!=l[c]&&(e[c].style.display=l[c]);return e}S.fn.extend({show:function(){return le(this,!0)},hide:function(){return le(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){ae(this)?S(this).show():S(this).hide()})}});var ce,fe,pe=/^(?:checkbox|radio)$/i,de=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="<textarea>x</textarea>",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="<option></option>",y.option=!!ce.lastChild;var ge={thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n<r;n++)Y.set(e[n],"globalEval",!t||Y.get(t[n],"globalEval"))}ge.tbody=ge.tfoot=ge.colgroup=ge.caption=ge.thead,ge.th=ge.td,y.option||(ge.optgroup=ge.option=[1,"<select multiple='multiple'>","</select>"]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d<h;d++)if((o=e[d])||0===o)if("object"===w(o))S.merge(p,o.nodeType?[o]:o);else if(me.test(o)){a=a||f.appendChild(t.createElement("div")),s=(de.exec(o)||["",""])[1].toLowerCase(),u=ge[s]||ge._default,a.innerHTML=u[1]+S.htmlPrefilter(o)+u[2],c=u[0];while(c--)a=a.lastChild;S.merge(p,a.childNodes),(a=f.firstChild).textContent=""}else p.push(t.createTextNode(o));f.textContent="",d=0;while(o=p[d++])if(r&&-1<S.inArray(o,r))i&&i.push(o);else if(l=ie(o),a=ve(f.appendChild(o),"script"),l&&ye(a),n){c=0;while(o=a[c++])he.test(o.type||"")&&n.push(o)}return f}var be=/^key/,we=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,Te=/^([^.]*)(?:\.(.+)|)/;function Ce(){return!0}function Ee(){return!1}function Se(e,t){return e===function(){try{return E.activeElement}catch(e){}}()==("focus"===t)}function ke(e,t,n,r,i,o){var a,s;if("object"==typeof t){for(s in"string"!=typeof n&&(r=r||n,n=void 0),t)ke(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=Ee;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return S().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=S.guid++)),e.each(function(){S.event.add(this,t,i,r,n)})}function Ae(e,i,o){o?(Y.set(e,i,!1),S.event.add(e,i,{namespace:!1,handler:function(e){var t,n,r=Y.get(this,i);if(1&e.isTrigger&&this[i]){if(r.length)(S.event.special[i]||{}).delegateType&&e.stopPropagation();else if(r=s.call(arguments),Y.set(this,i,r),t=o(this,i),this[i](),r!==(n=Y.get(this,i))||t?Y.set(this,i,!1):n={},r!==n)return e.stopImmediatePropagation(),e.preventDefault(),n.value}else r.length&&(Y.set(this,i,{value:S.event.trigger(S.extend(r[0],S.Event.prototype),r.slice(1),this)}),e.stopImmediatePropagation())}})):void 0===Y.get(e,i)&&S.event.add(e,i,Ce)}S.event={global:{},add:function(t,e,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Y.get(t);if(V(t)){n.handler&&(n=(o=n).handler,i=o.selector),i&&S.find.matchesSelector(re,i),n.guid||(n.guid=S.guid++),(u=v.events)||(u=v.events=Object.create(null)),(a=v.handle)||(a=v.handle=function(e){return"undefined"!=typeof S&&S.event.triggered!==e.type?S.event.dispatch.apply(t,arguments):void 0}),l=(e=(e||"").match(P)||[""]).length;while(l--)d=g=(s=Te.exec(e[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=S.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=S.event.special[d]||{},c=S.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&S.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(t,r,h,a)||t.addEventListener&&t.addEventListener(d,a)),f.add&&(f.add.call(t,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),S.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Y.hasData(e)&&Y.get(e);if(v&&(u=v.events)){l=(t=(t||"").match(P)||[""]).length;while(l--)if(d=g=(s=Te.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d){f=S.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,v.handle)||S.removeEvent(e,d,v.handle),delete u[d])}else for(d in u)S.event.remove(e,d+t[l],n,r,!0);S.isEmptyObject(u)&&Y.remove(e,"handle events")}},dispatch:function(e){var t,n,r,i,o,a,s=new Array(arguments.length),u=S.event.fix(e),l=(Y.get(this,"events")||Object.create(null))[u.type]||[],c=S.event.special[u.type]||{};for(s[0]=u,t=1;t<arguments.length;t++)s[t]=arguments[t];if(u.delegateTarget=this,!c.preDispatch||!1!==c.preDispatch.call(this,u)){a=S.event.handlers.call(this,u,l),t=0;while((i=a[t++])&&!u.isPropagationStopped()){u.currentTarget=i.elem,n=0;while((o=i.handlers[n++])&&!u.isImmediatePropagationStopped())u.rnamespace&&!1!==o.namespace&&!u.rnamespace.test(o.namespace)||(u.handleObj=o,u.data=o.data,void 0!==(r=((S.event.special[o.origType]||{}).handle||o.handler).apply(i.elem,s))&&!1===(u.result=r)&&(u.preventDefault(),u.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,u),u.result}},handlers:function(e,t){var n,r,i,o,a,s=[],u=t.delegateCount,l=e.target;if(u&&l.nodeType&&!("click"===e.type&&1<=e.button))for(;l!==this;l=l.parentNode||this)if(1===l.nodeType&&("click"!==e.type||!0!==l.disabled)){for(o=[],a={},n=0;n<u;n++)void 0===a[i=(r=t[n]).selector+" "]&&(a[i]=r.needsContext?-1<S(i,this).index(l):S.find(i,this,null,[l]).length),a[i]&&o.push(r);o.length&&s.push({elem:l,handlers:o})}return l=this,u<t.length&&s.push({elem:l,handlers:t.slice(u)}),s},addProp:function(t,e){Object.defineProperty(S.Event.prototype,t,{enumerable:!0,configurable:!0,get:m(e)?function(){if(this.originalEvent)return e(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[t]},set:function(e){Object.defineProperty(this,t,{enumerable:!0,configurable:!0,writable:!0,value:e})}})},fix:function(e){return e[S.expando]?e:new S.Event(e)},special:{load:{noBubble:!0},click:{setup:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&Ae(t,"click",Ce),!1},trigger:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&Ae(t,"click"),!0},_default:function(e){var t=e.target;return pe.test(t.type)&&t.click&&A(t,"input")&&Y.get(t,"click")||A(t,"a")}},beforeunload:{postDispatch:function(e){void 0!==e.result&&e.originalEvent&&(e.originalEvent.returnValue=e.result)}}}},S.removeEvent=function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n)},S.Event=function(e,t){if(!(this instanceof S.Event))return new S.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||void 0===e.defaultPrevented&&!1===e.returnValue?Ce:Ee,this.target=e.target&&3===e.target.nodeType?e.target.parentNode:e.target,this.currentTarget=e.currentTarget,this.relatedTarget=e.relatedTarget):this.type=e,t&&S.extend(this,t),this.timeStamp=e&&e.timeStamp||Date.now(),this[S.expando]=!0},S.Event.prototype={constructor:S.Event,isDefaultPrevented:Ee,isPropagationStopped:Ee,isImmediatePropagationStopped:Ee,isSimulated:!1,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=Ce,e&&!this.isSimulated&&e.preventDefault()},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=Ce,e&&!this.isSimulated&&e.stopPropagation()},stopImmediatePropagation:function(){var e=this.originalEvent;this.isImmediatePropagationStopped=Ce,e&&!this.isSimulated&&e.stopImmediatePropagation(),this.stopPropagation()}},S.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,code:!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:function(e){var t=e.button;return null==e.which&&be.test(e.type)?null!=e.charCode?e.charCode:e.keyCode:!e.which&&void 0!==t&&we.test(e.type)?1&t?1:2&t?3:4&t?2:0:e.which}},S.event.addProp),S.each({focus:"focusin",blur:"focusout"},function(e,t){S.event.special[e]={setup:function(){return Ae(this,e,Se),!1},trigger:function(){return Ae(this,e),!0},delegateType:t}}),S.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(e,i){S.event.special[e]={delegateType:i,bindType:i,handle:function(e){var t,n=e.relatedTarget,r=e.handleObj;return n&&(n===this||S.contains(this,n))||(e.type=r.origType,t=r.handler.apply(this,arguments),e.type=i),t}}}),S.fn.extend({on:function(e,t,n,r){return ke(this,e,t,n,r)},one:function(e,t,n,r){return ke(this,e,t,n,r,1)},off:function(e,t,n){var r,i;if(e&&e.preventDefault&&e.handleObj)return r=e.handleObj,S(e.delegateTarget).off(r.namespace?r.origType+"."+r.namespace:r.origType,r.selector,r.handler),this;if("object"==typeof e){for(i in e)this.off(i,t,e[i]);return this}return!1!==t&&"function"!=typeof t||(n=t,t=void 0),!1===n&&(n=Ee),this.each(function(){S.event.remove(this,e,n,t)})}});var Ne=/<script|<style|<link/i,De=/checked\s*(?:[^=]|=\s*.checked.)/i,je=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;function qe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function Le(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function He(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Oe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n<r;n++)S.event.add(t,i,s[i][n]);Q.hasData(e)&&(o=Q.access(e),a=S.extend({},o),Q.set(t,a))}}function Pe(n,r,i,o){r=g(r);var e,t,a,s,u,l,c=0,f=n.length,p=f-1,d=r[0],h=m(d);if(h||1<f&&"string"==typeof d&&!y.checkClone&&De.test(d))return n.each(function(e){var t=n.eq(e);h&&(r[0]=d.call(this,e,t.html())),Pe(t,r,i,o)});if(f&&(t=(e=xe(r,n[0].ownerDocument,!1,n,o)).firstChild,1===e.childNodes.length&&(e=t),t||o)){for(s=(a=S.map(ve(e,"script"),Le)).length;c<f;c++)u=e,c!==p&&(u=S.clone(u,!0,!0),s&&S.merge(a,ve(u,"script"))),i.call(n[c],u,c);if(s)for(l=a[a.length-1].ownerDocument,S.map(a,He),c=0;c<s;c++)u=a[c],he.test(u.type||"")&&!Y.access(u,"globalEval")&&S.contains(l,u)&&(u.src&&"module"!==(u.type||"").toLowerCase()?S._evalUrl&&!u.noModule&&S._evalUrl(u.src,{nonce:u.nonce||u.getAttribute("nonce")},l):b(u.textContent.replace(je,""),u,l))}return n}function Re(e,t,n){for(var r,i=t?S.filter(t,e):e,o=0;null!=(r=i[o]);o++)n||1!==r.nodeType||S.cleanData(ve(r)),r.parentNode&&(n&&ie(r)&&ye(ve(r,"script")),r.parentNode.removeChild(r));return e}S.extend({htmlPrefilter:function(e){return e},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=ie(e);if(!(y.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||S.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o||ve(e),a=a||ve(c),r=0,i=o.length;r<i;r++)Oe(o[r],a[r]);else Oe(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEvent(n,r,t.handle);n[Y.expando]=void 0}n[Q.expando]&&(n[Q.expando]=void 0)}}}),S.fn.extend({detach:function(e){return Re(this,e,!0)},remove:function(e){return Re(this,e)},text:function(e){return $(this,function(e){return void 0===e?S.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=e)})},null,e,arguments.length)},append:function(){return Pe(this,arguments,function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||qe(this,e).appendChild(e)})},prepend:function(){return Pe(this,arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=qe(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return Pe(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return Pe(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},empty:function(){for(var e,t=0;null!=(e=this[t]);t++)1===e.nodeType&&(S.cleanData(ve(e,!1)),e.textContent="");return this},clone:function(e,t){return e=null!=e&&e,t=null==t?e:t,this.map(function(){return S.clone(this,e,t)})},html:function(e){return $(this,function(e){var t=this[0]||{},n=0,r=this.length;if(void 0===e&&1===t.nodeType)return t.innerHTML;if("string"==typeof e&&!Ne.test(e)&&!ge[(de.exec(e)||["",""])[1].toLowerCase()]){e=S.htmlPrefilter(e);try{for(;n<r;n++)1===(t=this[n]||{}).nodeType&&(S.cleanData(ve(t,!1)),t.innerHTML=e);t=0}catch(e){}}t&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var n=[];return Pe(this,arguments,function(e){var t=this.parentNode;S.inArray(this,n)<0&&(S.cleanData(ve(this)),t&&t.replaceChild(e,this))},n)}}),S.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){S.fn[e]=function(e){for(var t,n=[],r=S(e),i=r.length-1,o=0;o<=i;o++)t=o===i?this:this.clone(!0),S(r[o])[a](t),u.apply(n,t.get());return this.pushStack(n)}});var Me=new RegExp("^("+ee+")(?!px)[a-z%]+$","i"),Ie=function(e){var t=e.ownerDocument.defaultView;return t&&t.opener||(t=C),t.getComputedStyle(e)},We=function(e,t,n){var r,i,o={};for(i in t)o[i]=e.style[i],e.style[i]=t[i];for(i in r=n.call(e),t)e.style[i]=o[i];return r},Fe=new RegExp(ne.join("|"),"i");function Be(e,t,n){var r,i,o,a,s=e.style;return(n=n||Ie(e))&&(""!==(a=n.getPropertyValue(t)||n[t])||ie(e)||(a=S.style(e,t)),!y.pixelBoxStyles()&&Me.test(a)&&Fe.test(t)&&(r=s.width,i=s.minWidth,o=s.maxWidth,s.minWidth=s.maxWidth=s.width=a,a=n.width,s.width=r,s.minWidth=i,s.maxWidth=o)),void 0!==a?a+"":a}function $e(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}!function(){function e(){if(l){u.style.cssText="position:absolute;left:-11111px;width:60px;margin-top:1px;padding:0;border:0",l.style.cssText="position:relative;display:block;box-sizing:border-box;overflow:scroll;margin:auto;border:1px;padding:1px;width:60%;top:1%",re.appendChild(u).appendChild(l);var e=C.getComputedStyle(l);n="1%"!==e.top,s=12===t(e.marginLeft),l.style.right="60%",o=36===t(e.right),r=36===t(e.width),l.style.position="absolute",i=12===t(l.offsetWidth/3),re.removeChild(u),l=null}}function t(e){return Math.round(parseFloat(e))}var n,r,i,o,a,s,u=E.createElement("div"),l=E.createElement("div");l.style&&(l.style.backgroundClip="content-box",l.cloneNode(!0).style.backgroundClip="",y.clearCloneStyle="content-box"===l.style.backgroundClip,S.extend(y,{boxSizingReliable:function(){return e(),r},pixelBoxStyles:function(){return e(),o},pixelPosition:function(){return e(),n},reliableMarginLeft:function(){return e(),s},scrollboxSize:function(){return e(),i},reliableTrDimensions:function(){var e,t,n,r;return null==a&&(e=E.createElement("table"),t=E.createElement("tr"),n=E.createElement("div"),e.style.cssText="position:absolute;left:-11111px",t.style.height="1px",n.style.height="9px",re.appendChild(e).appendChild(t).appendChild(n),r=C.getComputedStyle(t),a=3<parseInt(r.height),re.removeChild(e)),a}}))}();var _e=["Webkit","Moz","ms"],ze=E.createElement("div").style,Ue={};function Xe(e){var t=S.cssProps[e]||Ue[e];return t||(e in ze?e:Ue[e]=function(e){var t=e[0].toUpperCase()+e.slice(1),n=_e.length;while(n--)if((e=_e[n]+t)in ze)return e}(e)||e)}var Ve=/^(none|table(?!-c[ea]).+)/,Ge=/^--/,Ye={position:"absolute",visibility:"hidden",display:"block"},Qe={letterSpacing:"0",fontWeight:"400"};function Je(e,t,n){var r=te.exec(t);return r?Math.max(0,r[2]-(n||0))+(r[3]||"px"):t}function Ke(e,t,n,r,i,o){var a="width"===t?1:0,s=0,u=0;if(n===(r?"border":"content"))return 0;for(;a<4;a+=2)"margin"===n&&(u+=S.css(e,n+ne[a],!0,i)),r?("content"===n&&(u-=S.css(e,"padding"+ne[a],!0,i)),"margin"!==n&&(u-=S.css(e,"border"+ne[a]+"Width",!0,i))):(u+=S.css(e,"padding"+ne[a],!0,i),"padding"!==n?u+=S.css(e,"border"+ne[a]+"Width",!0,i):s+=S.css(e,"border"+ne[a]+"Width",!0,i));return!r&&0<=o&&(u+=Math.max(0,Math.ceil(e["offset"+t[0].toUpperCase()+t.slice(1)]-o-u-s-.5))||0),u}function Ze(e,t,n){var r=Ie(e),i=(!y.boxSizingReliable()||n)&&"border-box"===S.css(e,"boxSizing",!1,r),o=i,a=Be(e,t,r),s="offset"+t[0].toUpperCase()+t.slice(1);if(Me.test(a)){if(!n)return a;a="auto"}return(!y.boxSizingReliable()&&i||!y.reliableTrDimensions()&&A(e,"tr")||"auto"===a||!parseFloat(a)&&"inline"===S.css(e,"display",!1,r))&&e.getClientRects().length&&(i="border-box"===S.css(e,"boxSizing",!1,r),(o=s in e)&&(a=e[s])),(a=parseFloat(a)||0)+Ke(e,t,n||(i?"border":"content"),o,r,a)+"px"}function et(e,t,n,r,i){return new et.prototype.init(e,t,n,r,i)}S.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Be(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,gridArea:!0,gridColumn:!0,gridColumnEnd:!0,gridColumnStart:!0,gridRow:!0,gridRowEnd:!0,gridRowStart:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{},style:function(e,t,n,r){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var i,o,a,s=X(t),u=Ge.test(t),l=e.style;if(u||(t=Xe(s)),a=S.cssHooks[t]||S.cssHooks[s],void 0===n)return a&&"get"in a&&void 0!==(i=a.get(e,!1,r))?i:l[t];"string"===(o=typeof n)&&(i=te.exec(n))&&i[1]&&(n=se(e,t,i),o="number"),null!=n&&n==n&&("number"!==o||u||(n+=i&&i[3]||(S.cssNumber[s]?"":"px")),y.clearCloneStyle||""!==n||0!==t.indexOf("background")||(l[t]="inherit"),a&&"set"in a&&void 0===(n=a.set(e,n,r))||(u?l.setProperty(t,n):l[t]=n))}},css:function(e,t,n,r){var i,o,a,s=X(t);return Ge.test(t)||(t=Xe(s)),(a=S.cssHooks[t]||S.cssHooks[s])&&"get"in a&&(i=a.get(e,!0,n)),void 0===i&&(i=Be(e,t,r)),"normal"===i&&t in Qe&&(i=Qe[t]),""===n||n?(o=parseFloat(i),!0===n||isFinite(o)?o||0:i):i}}),S.each(["height","width"],function(e,u){S.cssHooks[u]={get:function(e,t,n){if(t)return!Ve.test(S.css(e,"display"))||e.getClientRects().length&&e.getBoundingClientRect().width?Ze(e,u,n):We(e,Ye,function(){return Ze(e,u,n)})},set:function(e,t,n){var r,i=Ie(e),o=!y.scrollboxSize()&&"absolute"===i.position,a=(o||n)&&"border-box"===S.css(e,"boxSizing",!1,i),s=n?Ke(e,u,n,a,i):0;return a&&o&&(s-=Math.ceil(e["offset"+u[0].toUpperCase()+u.slice(1)]-parseFloat(i[u])-Ke(e,u,"border",!1,i)-.5)),s&&(r=te.exec(t))&&"px"!==(r[3]||"px")&&(e.style[u]=t,t=S.css(e,u)),Je(0,t,s)}}}),S.cssHooks.marginLeft=$e(y.reliableMarginLeft,function(e,t){if(t)return(parseFloat(Be(e,"marginLeft"))||e.getBoundingClientRect().left-We(e,{marginLeft:0},function(){return e.getBoundingClientRect().left}))+"px"}),S.each({margin:"",padding:"",border:"Width"},function(i,o){S.cssHooks[i+o]={expand:function(e){for(var t=0,n={},r="string"==typeof e?e.split(" "):[e];t<4;t++)n[i+ne[t]+o]=r[t]||r[t-2]||r[0];return n}},"margin"!==i&&(S.cssHooks[i+o].set=Je)}),S.fn.extend({css:function(e,t){return $(this,function(e,t,n){var r,i,o={},a=0;if(Array.isArray(t)){for(r=Ie(e),i=t.length;a<i;a++)o[t[a]]=S.css(e,t[a],!1,r);return o}return void 0!==n?S.style(e,t,n):S.css(e,t)},e,t,1<arguments.length)}}),((S.Tween=et).prototype={constructor:et,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||S.easing._default,this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(S.cssNumber[n]?"":"px")},cur:function(){var e=et.propHooks[this.prop];return e&&e.get?e.get(this):et.propHooks._default.get(this)},run:function(e){var t,n=et.propHooks[this.prop];return this.options.duration?this.pos=t=S.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):et.propHooks._default.set(this),this}}).init.prototype=et.prototype,(et.propHooks={_default:{get:function(e){var t;return 1!==e.elem.nodeType||null!=e.elem[e.prop]&&null==e.elem.style[e.prop]?e.elem[e.prop]:(t=S.css(e.elem,e.prop,""))&&"auto"!==t?t:0},set:function(e){S.fx.step[e.prop]?S.fx.step[e.prop](e):1!==e.elem.nodeType||!S.cssHooks[e.prop]&&null==e.elem.style[Xe(e.prop)]?e.elem[e.prop]=e.now:S.style(e.elem,e.prop,e.now+e.unit)}}}).scrollTop=et.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},S.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2},_default:"swing"},S.fx=et.prototype.init,S.fx.step={};var tt,nt,rt,it,ot=/^(?:toggle|show|hide)$/,at=/queueHooks$/;function st(){nt&&(!1===E.hidden&&C.requestAnimationFrame?C.requestAnimationFrame(st):C.setTimeout(st,S.fx.interval),S.fx.tick())}function ut(){return C.setTimeout(function(){tt=void 0}),tt=Date.now()}function lt(e,t){var n,r=0,i={height:e};for(t=t?1:0;r<4;r+=2-t)i["margin"+(n=ne[r])]=i["padding"+n]=e;return t&&(i.opacity=i.width=e),i}function ct(e,t,n){for(var r,i=(ft.tweeners[t]||[]).concat(ft.tweeners["*"]),o=0,a=i.length;o<a;o++)if(r=i[o].call(n,t,e))return r}function ft(o,e,t){var n,a,r=0,i=ft.prefilters.length,s=S.Deferred().always(function(){delete u.elem}),u=function(){if(a)return!1;for(var e=tt||ut(),t=Math.max(0,l.startTime+l.duration-e),n=1-(t/l.duration||0),r=0,i=l.tweens.length;r<i;r++)l.tweens[r].run(n);return s.notifyWith(o,[l,n,t]),n<1&&i?t:(i||s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l]),!1)},l=s.promise({elem:o,props:S.extend({},e),opts:S.extend(!0,{specialEasing:{},easing:S.easing._default},t),originalProperties:e,originalOptions:t,startTime:tt||ut(),duration:t.duration,tweens:[],createTween:function(e,t){var n=S.Tween(o,l.opts,e,t,l.opts.specialEasing[e]||l.opts.easing);return l.tweens.push(n),n},stop:function(e){var t=0,n=e?l.tweens.length:0;if(a)return this;for(a=!0;t<n;t++)l.tweens[t].run(1);return e?(s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l,e])):s.rejectWith(o,[l,e]),this}}),c=l.props;for(!function(e,t){var n,r,i,o,a;for(n in e)if(i=t[r=X(n)],o=e[n],Array.isArray(o)&&(i=o[1],o=e[n]=o[0]),n!==r&&(e[r]=o,delete e[n]),(a=S.cssHooks[r])&&"expand"in a)for(n in o=a.expand(o),delete e[r],o)n in e||(e[n]=o[n],t[n]=i);else t[r]=i}(c,l.opts.specialEasing);r<i;r++)if(n=ft.prefilters[r].call(l,o,c,l.opts))return m(n.stop)&&(S._queueHooks(l.elem,l.opts.queue).stop=n.stop.bind(n)),n;return S.map(c,ct,l),m(l.opts.start)&&l.opts.start.call(o,l),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always),S.fx.timer(S.extend(u,{elem:o,anim:l,queue:l.opts.queue})),l}S.Animation=S.extend(ft,{tweeners:{"*":[function(e,t){var n=this.createTween(e,t);return se(n.elem,e,te.exec(t),n),n}]},tweener:function(e,t){m(e)?(t=e,e=["*"]):e=e.match(P);for(var n,r=0,i=e.length;r<i;r++)n=e[r],ft.tweeners[n]=ft.tweeners[n]||[],ft.tweeners[n].unshift(t)},prefilters:[function(e,t,n){var r,i,o,a,s,u,l,c,f="width"in t||"height"in t,p=this,d={},h=e.style,g=e.nodeType&&ae(e),v=Y.get(e,"fxshow");for(r in n.queue||(null==(a=S._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued||s()}),a.unqueued++,p.always(function(){p.always(function(){a.unqueued--,S.queue(e,"fx").length||a.empty.fire()})})),t)if(i=t[r],ot.test(i)){if(delete t[r],o=o||"toggle"===i,i===(g?"hide":"show")){if("show"!==i||!v||void 0===v[r])continue;g=!0}d[r]=v&&v[r]||S.style(e,r)}if((u=!S.isEmptyObject(t))||!S.isEmptyObject(d))for(r in f&&1===e.nodeType&&(n.overflow=[h.overflow,h.overflowX,h.overflowY],null==(l=v&&v.display)&&(l=Y.get(e,"display")),"none"===(c=S.css(e,"display"))&&(l?c=l:(le([e],!0),l=e.style.display||l,c=S.css(e,"display"),le([e]))),("inline"===c||"inline-block"===c&&null!=l)&&"none"===S.css(e,"float")&&(u||(p.done(function(){h.display=l}),null==l&&(c=h.display,l="none"===c?"":c)),h.display="inline-block")),n.overflow&&(h.overflow="hidden",p.always(function(){h.overflow=n.overflow[0],h.overflowX=n.overflow[1],h.overflowY=n.overflow[2]})),u=!1,d)u||(v?"hidden"in v&&(g=v.hidden):v=Y.access(e,"fxshow",{display:l}),o&&(v.hidden=!g),g&&le([e],!0),p.done(function(){for(r in g||le([e]),Y.remove(e,"fxshow"),d)S.style(e,r,d[r])})),u=ct(g?v[r]:0,r,p),r in v||(v[r]=u.start,g&&(u.end=u.start,u.start=0))}],prefilter:function(e,t){t?ft.prefilters.unshift(e):ft.prefilters.push(e)}}),S.speed=function(e,t,n){var r=e&&"object"==typeof e?S.extend({},e):{complete:n||!n&&t||m(e)&&e,duration:e,easing:n&&t||t&&!m(t)&&t};return S.fx.off?r.duration=0:"number"!=typeof r.duration&&(r.duration in S.fx.speeds?r.duration=S.fx.speeds[r.duration]:r.duration=S.fx.speeds._default),null!=r.queue&&!0!==r.queue||(r.queue="fx"),r.old=r.complete,r.complete=function(){m(r.old)&&r.old.call(this),r.queue&&S.dequeue(this,r.queue)},r},S.fn.extend({fadeTo:function(e,t,n,r){return this.filter(ae).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(t,e,n,r){var i=S.isEmptyObject(t),o=S.speed(e,n,r),a=function(){var e=ft(this,S.extend({},t),o);(i||Y.get(this,"finish"))&&e.stop(!0)};return a.finish=a,i||!1===o.queue?this.each(a):this.queue(o.queue,a)},stop:function(i,e,o){var a=function(e){var t=e.stop;delete e.stop,t(o)};return"string"!=typeof i&&(o=e,e=i,i=void 0),e&&this.queue(i||"fx",[]),this.each(function(){var e=!0,t=null!=i&&i+"queueHooks",n=S.timers,r=Y.get(this);if(t)r[t]&&r[t].stop&&a(r[t]);else for(t in r)r[t]&&r[t].stop&&at.test(t)&&a(r[t]);for(t=n.length;t--;)n[t].elem!==this||null!=i&&n[t].queue!==i||(n[t].anim.stop(o),e=!1,n.splice(t,1));!e&&o||S.dequeue(this,i)})},finish:function(a){return!1!==a&&(a=a||"fx"),this.each(function(){var e,t=Y.get(this),n=t[a+"queue"],r=t[a+"queueHooks"],i=S.timers,o=n?n.length:0;for(t.finish=!0,S.queue(this,a,[]),r&&r.stop&&r.stop.call(this,!0),e=i.length;e--;)i[e].elem===this&&i[e].queue===a&&(i[e].anim.stop(!0),i.splice(e,1));for(e=0;e<o;e++)n[e]&&n[e].finish&&n[e].finish.call(this);delete t.finish})}}),S.each(["toggle","show","hide"],function(e,r){var i=S.fn[r];S.fn[r]=function(e,t,n){return null==e||"boolean"==typeof e?i.apply(this,arguments):this.animate(lt(r,!0),e,t,n)}}),S.each({slideDown:lt("show"),slideUp:lt("hide"),slideToggle:lt("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,r){S.fn[e]=function(e,t,n){return this.animate(r,e,t,n)}}),S.timers=[],S.fx.tick=function(){var e,t=0,n=S.timers;for(tt=Date.now();t<n.length;t++)(e=n[t])()||n[t]!==e||n.splice(t--,1);n.length||S.fx.stop(),tt=void 0},S.fx.timer=function(e){S.timers.push(e),S.fx.start()},S.fx.interval=13,S.fx.start=function(){nt||(nt=!0,st())},S.fx.stop=function(){nt=null},S.fx.speeds={slow:600,fast:200,_default:400},S.fn.delay=function(r,e){return r=S.fx&&S.fx.speeds[r]||r,e=e||"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",y.checkOn=""!==rt.value,y.optSelected=it.selected,(rt=E.createElement("input")).value="t",rt.type="radio",y.radioValue="t"===rt.value;var pt,dt=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return $(this,S.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){S.removeAttr(this,e)})}}),S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)||(i=S.attrHooks[t.toLowerCase()]||(S.expr.match.bool.test(t)?pt:void 0)),void 0!==n?null===n?void S.removeAttr(e,t):i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:(e.setAttribute(t,n+""),n):i&&"get"in i&&null!==(r=i.get(e,t))?r:null==(r=S.find.attr(e,t))?void 0:r)},attrHooks:{type:{set:function(e,t){if(!y.radioValue&&"radio"===t&&A(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},removeAttr:function(e,t){var n,r=0,i=t&&t.match(P);if(i&&1===e.nodeType)while(n=i[r++])e.removeAttribute(n)}}),pt={set:function(e,t,n){return!1===t?S.removeAttr(e,n):e.setAttribute(n,n),n}},S.each(S.expr.match.bool.source.match(/\w+/g),function(e,t){var a=dt[t]||S.find.attr;dt[t]=function(e,t,n){var r,i,o=t.toLowerCase();return n||(i=dt[o],dt[o]=r,r=null!=a(e,t,n)?o:null,dt[o]=i),r}});var ht=/^(?:input|select|textarea|button)$/i,gt=/^(?:a|area)$/i;function vt(e){return(e.match(P)||[]).join(" ")}function yt(e){return e.getAttribute&&e.getAttribute("class")||""}function mt(e){return Array.isArray(e)?e:"string"==typeof e&&e.match(P)||[]}S.fn.extend({prop:function(e,t){return $(this,S.prop,e,t,1<arguments.length)},removeProp:function(e){return this.each(function(){delete this[S.propFix[e]||e]})}}),S.extend({prop:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return 1===o&&S.isXMLDoc(e)||(t=S.propFix[t]||t,i=S.propHooks[t]),void 0!==n?i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=S.find.attr(e,"tabindex");return t?parseInt(t,10):ht.test(e.nodeName)||gt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),y.optSelected||(S.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),S.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){S.propFix[this.toLowerCase()]=this}),S.fn.extend({addClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){S(this).addClass(t.call(this,e,yt(this)))});if((e=mt(t)).length)while(n=this[u++])if(i=yt(n),r=1===n.nodeType&&" "+vt(i)+" "){a=0;while(o=e[a++])r.indexOf(" "+o+" ")<0&&(r+=o+" ");i!==(s=vt(r))&&n.setAttribute("class",s)}return this},removeClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){S(this).removeClass(t.call(this,e,yt(this)))});if(!arguments.length)return this.attr("class","");if((e=mt(t)).length)while(n=this[u++])if(i=yt(n),r=1===n.nodeType&&" "+vt(i)+" "){a=0;while(o=e[a++])while(-1<r.indexOf(" "+o+" "))r=r.replace(" "+o+" "," ");i!==(s=vt(r))&&n.setAttribute("class",s)}return this},toggleClass:function(i,t){var o=typeof i,a="string"===o||Array.isArray(i);return"boolean"==typeof t&&a?t?this.addClass(i):this.removeClass(i):m(i)?this.each(function(e){S(this).toggleClass(i.call(this,e,yt(this),t),t)}):this.each(function(){var e,t,n,r;if(a){t=0,n=S(this),r=mt(i);while(e=r[t++])n.hasClass(e)?n.removeClass(e):n.addClass(e)}else void 0!==i&&"boolean"!==o||((e=yt(this))&&Y.set(this,"__className__",e),this.setAttribute&&this.setAttribute("class",e||!1===i?"":Y.get(this,"__className__")||""))})},hasClass:function(e){var t,n,r=0;t=" "+e+" ";while(n=this[r++])if(1===n.nodeType&&-1<(" "+vt(yt(n))+" ").indexOf(t))return!0;return!1}});var xt=/\r/g;S.fn.extend({val:function(n){var r,e,i,t=this[0];return arguments.length?(i=m(n),this.each(function(e){var t;1===this.nodeType&&(null==(t=i?n.call(this,e,S(this).val()):n)?t="":"number"==typeof t?t+="":Array.isArray(t)&&(t=S.map(t,function(e){return null==e?"":e+""})),(r=S.valHooks[this.type]||S.valHooks[this.nodeName.toLowerCase()])&&"set"in r&&void 0!==r.set(this,t,"value")||(this.value=t))})):t?(r=S.valHooks[t.type]||S.valHooks[t.nodeName.toLowerCase()])&&"get"in r&&void 0!==(e=r.get(t,"value"))?e:"string"==typeof(e=t.value)?e.replace(xt,""):null==e?"":e:void 0}}),S.extend({valHooks:{option:{get:function(e){var t=S.find.attr(e,"value");return null!=t?t:vt(S.text(e))}},select:{get:function(e){var t,n,r,i=e.options,o=e.selectedIndex,a="select-one"===e.type,s=a?null:[],u=a?o+1:i.length;for(r=o<0?u:a?o:0;r<u;r++)if(((n=i[r]).selected||r===o)&&!n.disabled&&(!n.parentNode.disabled||!A(n.parentNode,"optgroup"))){if(t=S(n).val(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=S.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=-1<S.inArray(S.valHooks.option.get(r),o))&&(n=!0);return n||(e.selectedIndex=-1),o}}}}),S.each(["radio","checkbox"],function(){S.valHooks[this]={set:function(e,t){if(Array.isArray(t))return e.checked=-1<S.inArray(S(e).val(),t)}},y.checkOn||(S.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})}),y.focusin="onfocusin"in C;var bt=/^(?:focusinfocus|focusoutblur)$/,wt=function(e){e.stopPropagation()};S.extend(S.event,{trigger:function(e,t,n,r){var i,o,a,s,u,l,c,f,p=[n||E],d=v.call(e,"type")?e.type:e,h=v.call(e,"namespace")?e.namespace.split("."):[];if(o=f=a=n=n||E,3!==n.nodeType&&8!==n.nodeType&&!bt.test(d+S.event.triggered)&&(-1<d.indexOf(".")&&(d=(h=d.split(".")).shift(),h.sort()),u=d.indexOf(":")<0&&"on"+d,(e=e[S.expando]?e:new S.Event(d,"object"==typeof e&&e)).isTrigger=r?2:3,e.namespace=h.join("."),e.rnamespace=e.namespace?new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,e.result=void 0,e.target||(e.target=n),t=null==t?[e]:S.makeArray(t,[e]),c=S.event.special[d]||{},r||!c.trigger||!1!==c.trigger.apply(n,t))){if(!r&&!c.noBubble&&!x(n)){for(s=c.delegateType||d,bt.test(s+d)||(o=o.parentNode);o;o=o.parentNode)p.push(o),a=o;a===(n.ownerDocument||E)&&p.push(a.defaultView||a.parentWindow||C)}i=0;while((o=p[i++])&&!e.isPropagationStopped())f=o,e.type=1<i?s:c.bindType||d,(l=(Y.get(o,"events")||Object.create(null))[e.type]&&Y.get(o,"handle"))&&l.apply(o,t),(l=u&&o[u])&&l.apply&&V(o)&&(e.result=l.apply(o,t),!1===e.result&&e.preventDefault());return e.type=d,r||e.isDefaultPrevented()||c._default&&!1!==c._default.apply(p.pop(),t)||!V(n)||u&&m(n[d])&&!x(n)&&((a=n[u])&&(n[u]=null),S.event.triggered=d,e.isPropagationStopped()&&f.addEventListener(d,wt),n[d](),e.isPropagationStopped()&&f.removeEventListener(d,wt),S.event.triggered=void 0,a&&(n[u]=a)),e.result}},simulate:function(e,t,n){var r=S.extend(new S.Event,n,{type:e,isSimulated:!0});S.event.trigger(r,null,t)}}),S.fn.extend({trigger:function(e,t){return this.each(function(){S.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];if(n)return S.event.trigger(e,t,n,!0)}}),y.focusin||S.each({focus:"focusin",blur:"focusout"},function(n,r){var i=function(e){S.event.simulate(r,e.target,S.event.fix(e))};S.event.special[r]={setup:function(){var e=this.ownerDocument||this.document||this,t=Y.access(e,r);t||e.addEventListener(n,i,!0),Y.access(e,r,(t||0)+1)},teardown:function(){var e=this.ownerDocument||this.document||this,t=Y.access(e,r)-1;t?Y.access(e,r,t):(e.removeEventListener(n,i,!0),Y.remove(e,r))}}});var Tt=C.location,Ct={guid:Date.now()},Et=/\?/;S.parseXML=function(e){var t;if(!e||"string"!=typeof e)return null;try{t=(new C.DOMParser).parseFromString(e,"text/xml")}catch(e){t=void 0}return t&&!t.getElementsByTagName("parsererror").length||S.error("Invalid XML: "+e),t};var St=/\[\]$/,kt=/\r?\n/g,At=/^(?:submit|button|image|reset|file)$/i,Nt=/^(?:input|select|textarea|keygen)/i;function Dt(n,e,r,i){var t;if(Array.isArray(e))S.each(e,function(e,t){r||St.test(n)?i(n,t):Dt(n+"["+("object"==typeof t&&null!=t?e:"")+"]",t,r,i)});else if(r||"object"!==w(e))i(n,e);else for(t in e)Dt(n+"["+t+"]",e[t],r,i)}S.param=function(e,t){var n,r=[],i=function(e,t){var n=m(t)?t():t;r[r.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(null==e)return"";if(Array.isArray(e)||e.jquery&&!S.isPlainObject(e))S.each(e,function(){i(this.name,this.value)});else for(n in e)Dt(n,e[n],t,i);return r.join("&")},S.fn.extend({serialize:function(){return S.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=S.prop(this,"elements");return e?S.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!S(this).is(":disabled")&&Nt.test(this.nodeName)&&!At.test(e)&&(this.checked||!pe.test(e))}).map(function(e,t){var n=S(this).val();return null==n?null:Array.isArray(n)?S.map(n,function(e){return{name:t.name,value:e.replace(kt,"\r\n")}}):{name:t.name,value:n.replace(kt,"\r\n")}}).get()}});var jt=/%20/g,qt=/#.*$/,Lt=/([?&])_=[^&]*/,Ht=/^(.*?):[ \t]*([^\r\n]*)$/gm,Ot=/^(?:GET|HEAD)$/,Pt=/^\/\//,Rt={},Mt={},It="*/".concat("*"),Wt=E.createElement("a");function Ft(o){return function(e,t){"string"!=typeof e&&(t=e,e="*");var n,r=0,i=e.toLowerCase().match(P)||[];if(m(t))while(n=i[r++])"+"===n[0]?(n=n.slice(1)||"*",(o[n]=o[n]||[]).unshift(t)):(o[n]=o[n]||[]).push(t)}}function Bt(t,i,o,a){var s={},u=t===Mt;function l(e){var r;return s[e]=!0,S.each(t[e]||[],function(e,t){var n=t(i,o,a);return"string"!=typeof n||u||s[n]?u?!(r=n):void 0:(i.dataTypes.unshift(n),l(n),!1)}),r}return l(i.dataTypes[0])||!s["*"]&&l("*")}function $t(e,t){var n,r,i=S.ajaxSettings.flatOptions||{};for(n in t)void 0!==t[n]&&((i[n]?e:r||(r={}))[n]=t[n]);return r&&S.extend(!0,e,r),e}Wt.href=Tt.href,S.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Tt.href,type:"GET",isLocal:/^(?:about|app|app-storage|.+-extension|file|res|widget):$/.test(Tt.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":It,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":S.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?$t($t(e,S.ajaxSettings),t):$t(S.ajaxSettings,e)},ajaxPrefilter:Ft(Rt),ajaxTransport:Ft(Mt),ajax:function(e,t){"object"==typeof e&&(t=e,e=void 0),t=t||{};var c,f,p,n,d,r,h,g,i,o,v=S.ajaxSetup({},t),y=v.context||v,m=v.context&&(y.nodeType||y.jquery)?S(y):S.event,x=S.Deferred(),b=S.Callbacks("once memory"),w=v.statusCode||{},a={},s={},u="canceled",T={readyState:0,getResponseHeader:function(e){var t;if(h){if(!n){n={};while(t=Ht.exec(p))n[t[1].toLowerCase()+" "]=(n[t[1].toLowerCase()+" "]||[]).concat(t[2])}t=n[e.toLowerCase()+" "]}return null==t?null:t.join(", ")},getAllResponseHeaders:function(){return h?p:null},setRequestHeader:function(e,t){return null==h&&(e=s[e.toLowerCase()]=s[e.toLowerCase()]||e,a[e]=t),this},overrideMimeType:function(e){return null==h&&(v.mimeType=e),this},statusCode:function(e){var t;if(e)if(h)T.always(e[T.status]);else for(t in e)w[t]=[w[t],e[t]];return this},abort:function(e){var t=e||u;return c&&c.abort(t),l(0,t),this}};if(x.promise(T),v.url=((e||v.url||Tt.href)+"").replace(Pt,Tt.protocol+"//"),v.type=t.method||t.type||v.method||v.type,v.dataTypes=(v.dataType||"*").toLowerCase().match(P)||[""],null==v.crossDomain){r=E.createElement("a");try{r.href=v.url,r.href=r.href,v.crossDomain=Wt.protocol+"//"+Wt.host!=r.protocol+"//"+r.host}catch(e){v.crossDomain=!0}}if(v.data&&v.processData&&"string"!=typeof v.data&&(v.data=S.param(v.data,v.traditional)),Bt(Rt,v,t,T),h)return T;for(i in(g=S.event&&v.global)&&0==S.active++&&S.event.trigger("ajaxStart"),v.type=v.type.toUpperCase(),v.hasContent=!Ot.test(v.type),f=v.url.replace(qt,""),v.hasContent?v.data&&v.processData&&0===(v.contentType||"").indexOf("application/x-www-form-urlencoded")&&(v.data=v.data.replace(jt,"+")):(o=v.url.slice(f.length),v.data&&(v.processData||"string"==typeof v.data)&&(f+=(Et.test(f)?"&":"?")+v.data,delete v.data),!1===v.cache&&(f=f.replace(Lt,"$1"),o=(Et.test(f)?"&":"?")+"_="+Ct.guid+++o),v.url=f+o),v.ifModified&&(S.lastModified[f]&&T.setRequestHeader("If-Modified-Since",S.lastModified[f]),S.etag[f]&&T.setRequestHeader("If-None-Match",S.etag[f])),(v.data&&v.hasContent&&!1!==v.contentType||t.contentType)&&T.setRequestHeader("Content-Type",v.contentType),T.setRequestHeader("Accept",v.dataTypes[0]&&v.accepts[v.dataTypes[0]]?v.accepts[v.dataTypes[0]]+("*"!==v.dataTypes[0]?", "+It+"; q=0.01":""):v.accepts["*"]),v.headers)T.setRequestHeader(i,v.headers[i]);if(v.beforeSend&&(!1===v.beforeSend.call(y,T,v)||h))return T.abort();if(u="abort",b.add(v.complete),T.done(v.success),T.fail(v.error),c=Bt(Mt,v,t,T)){if(T.readyState=1,g&&m.trigger("ajaxSend",[T,v]),h)return T;v.async&&0<v.timeout&&(d=C.setTimeout(function(){T.abort("timeout")},v.timeout));try{h=!1,c.send(a,l)}catch(e){if(h)throw e;l(-1,e)}}else l(-1,"No Transport");function l(e,t,n,r){var i,o,a,s,u,l=t;h||(h=!0,d&&C.clearTimeout(d),c=void 0,p=r||"",T.readyState=0<e?4:0,i=200<=e&&e<300||304===e,n&&(s=function(e,t,n){var r,i,o,a,s=e.contents,u=e.dataTypes;while("*"===u[0])u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(i in s)if(s[i]&&s[i].test(r)){u.unshift(i);break}if(u[0]in n)o=u[0];else{for(i in n){if(!u[0]||e.converters[i+" "+u[0]]){o=i;break}a||(a=i)}o=o||a}if(o)return o!==u[0]&&u.unshift(o),n[o]}(v,T,n)),!i&&-1<S.inArray("script",v.dataTypes)&&(v.converters["text script"]=function(){}),s=function(e,t,n,r){var i,o,a,s,u,l={},c=e.dataTypes.slice();if(c[1])for(a in e.converters)l[a.toLowerCase()]=e.converters[a];o=c.shift();while(o)if(e.responseFields[o]&&(n[e.responseFields[o]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=o,o=c.shift())if("*"===o)o=u;else if("*"!==u&&u!==o){if(!(a=l[u+" "+o]||l["* "+o]))for(i in l)if((s=i.split(" "))[1]===o&&(a=l[u+" "+s[0]]||l["* "+s[0]])){!0===a?a=l[i]:!0!==l[i]&&(o=s[0],c.unshift(s[1]));break}if(!0!==a)if(a&&e["throws"])t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+o}}}return{state:"success",data:t}}(v,s,T,i),i?(v.ifModified&&((u=T.getResponseHeader("Last-Modified"))&&(S.lastModified[f]=u),(u=T.getResponseHeader("etag"))&&(S.etag[f]=u)),204===e||"HEAD"===v.type?l="nocontent":304===e?l="notmodified":(l=s.state,o=s.data,i=!(a=s.error))):(a=l,!e&&l||(l="error",e<0&&(e=0))),T.status=e,T.statusText=(t||l)+"",i?x.resolveWith(y,[o,l,T]):x.rejectWith(y,[T,l,a]),T.statusCode(w),w=void 0,g&&m.trigger(i?"ajaxSuccess":"ajaxError",[T,v,i?o:a]),b.fireWith(y,[T,l]),g&&(m.trigger("ajaxComplete",[T,v]),--S.active||S.event.trigger("ajaxStop")))}return T},getJSON:function(e,t,n){return S.get(e,t,n,"json")},getScript:function(e,t){return S.get(e,void 0,t,"script")}}),S.each(["get","post"],function(e,i){S[i]=function(e,t,n,r){return m(t)&&(r=r||n,n=t,t=void 0),S.ajax(S.extend({url:e,type:i,dataType:r,data:t,success:n},S.isPlainObject(e)&&e))}}),S.ajaxPrefilter(function(e){var t;for(t in e.headers)"content-type"===t.toLowerCase()&&(e.contentType=e.headers[t]||"")}),S._evalUrl=function(e,t,n){return S.ajax({url:e,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,converters:{"text script":function(){}},dataFilter:function(e){S.globalEval(e,t,n)}})},S.fn.extend({wrapAll:function(e){var t;return this[0]&&(m(e)&&(e=e.call(this[0])),t=S(e,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstElementChild)e=e.firstElementChild;return e}).append(this)),this},wrapInner:function(n){return m(n)?this.each(function(e){S(this).wrapInner(n.call(this,e))}):this.each(function(){var e=S(this),t=e.contents();t.length?t.wrapAll(n):e.append(n)})},wrap:function(t){var n=m(t);return this.each(function(e){S(this).wrapAll(n?t.call(this,e):t)})},unwrap:function(e){return this.parent(e).not("body").each(function(){S(this).replaceWith(this.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var _t={0:200,1223:204},zt=S.ajaxSettings.xhr();y.cors=!!zt&&"withCredentials"in zt,y.ajax=zt=!!zt,S.ajaxTransport(function(i){var o,a;if(y.cors||zt&&!i.crossDomain)return{send:function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest"),e)r.setRequestHeader(n,e[n]);o=function(e){return function(){o&&(o=a=r.onload=r.onerror=r.onabort=r.ontimeout=r.onreadystatechange=null,"abort"===e?r.abort():"error"===e?"number"!=typeof r.status?t(0,"error"):t(r.status,r.statusText):t(_t[r.status]||r.status,r.statusText,"text"!==(r.responseType||"text")||"string"!=typeof r.responseText?{binary:r.response}:{text:r.responseText},r.getAllResponseHeaders()))}},r.onload=o(),a=r.onerror=r.ontimeout=o("error"),void 0!==r.onabort?r.onabort=a:r.onreadystatechange=function(){4===r.readyState&&C.setTimeout(function(){o&&a()})},o=o("abort");try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw e}},abort:function(){o&&o()}}}),S.ajaxPrefilter(function(e){e.crossDomain&&(e.contents.script=!1)}),S.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(e){return S.globalEval(e),e}}}),S.ajaxPrefilter("script",function(e){void 0===e.cache&&(e.cache=!1),e.crossDomain&&(e.type="GET")}),S.ajaxTransport("script",function(n){var r,i;if(n.crossDomain||n.scriptAttrs)return{send:function(e,t){r=S("<script>").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Ut,Xt=[],Vt=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Xt.pop()||S.expando+"_"+Ct.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Vt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Vt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Vt,"$1"+r):!1!==e.jsonp&&(e.url+=(Et.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Xt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Ut=E.implementation.createHTMLDocument("").body).innerHTML="<form></form><form></form>",2===Ut.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1<s&&(r=vt(e.slice(s)),e=e.slice(0,s)),m(t)?(n=t,t=void 0):t&&"object"==typeof t&&(i="POST"),0<a.length&&S.ajax({url:e,type:i||"GET",dataType:"html",data:t}).done(function(e){o=arguments,a.html(r?S("<div>").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):("number"==typeof f.top&&(f.top+="px"),"number"==typeof f.left&&(f.left+="px"),c.css(f))}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=$e(y.pixelPosition,function(e,t){if(t)return t=Be(e,n),Me.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0<arguments.length?this.on(n,null,e,t):this.trigger(n)}});var Gt=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;S.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),m(e))return r=s.call(arguments,2),(i=function(){return e.apply(t||this,r.concat(s.call(arguments)))}).guid=e.guid=e.guid||S.guid++,i},S.holdReady=function(e){e?S.readyWait++:S.ready(!0)},S.isArray=Array.isArray,S.parseJSON=JSON.parse,S.nodeName=A,S.isFunction=m,S.isWindow=x,S.camelCase=X,S.type=w,S.now=Date.now,S.isNumeric=function(e){var t=S.type(e);return("number"===t||"string"===t)&&!isNaN(e-parseFloat(e))},S.trim=function(e){return null==e?"":(e+"").replace(Gt,"")},"function"==typeof define&&define.amd&&define("jquery",[],function(){return S});var Yt=C.jQuery,Qt=C.$;return S.noConflict=function(e){return C.$===S&&(C.$=Qt),e&&C.jQuery===S&&(C.jQuery=Yt),S},"undefined"==typeof e&&(C.jQuery=C.$=S),S}); | |
</script> | |
<script type="text/javascript"> | |
/*! jQuery Stupid Table Plugin by Joseph McCullough | https://github.com/joequery/Stupid-Table-Plugin/blob/master/LICENSE */ | |
(function(e){e.fn.stupidtable=function(j){return this.each(function(){var d=e(this);j=j||{};j=e.extend({},{"int":function(b,a){return parseInt(b,10)-parseInt(a,10)},"float":function(b,a){return parseFloat(b)-parseFloat(a)},string:function(b,a){return b<a?-1:b>a?1:0},"string-ins":function(b,a){b=b.toLowerCase();a=a.toLowerCase();return b<a?-1:b>a?1:0}},j);d.on("click","th",function(){var b=d.children("tbody").children("tr"),a=e(this),k=0,n=e.fn.stupidtable.dir;d.find("th").slice(0,a.index()).each(function(){var a=e(this).attr("colspan")||1;k+=parseInt(a,10)});var m=a.data("sort-dir")===n.ASC?n.DESC:n.ASC,p=m==n.DESC?a.data("sort-desc")||a.data("sort")||null:a.data("sort")||null;null!==p&&(d.trigger("beforetablesort",{column:k,direction:m}),d.css("display"),setTimeout(function(){var l=[],c=j[p];b.each(function(a,b){var c=e(b).children().eq(k),d=c.data("sort-value"),c="undefined"!==typeof d?d:c.text();l.push(c)});var f=[],g=0;if(a.data("sort-dir")&&!a.data("sort-desc"))for(c=l.length-1;0<=c;c--)f.push(c);else for(var h=l.slice(0).sort(c),c=0;c<l.length;c++){for(g=e.inArray(l[c],h);-1!=e.inArray(g,f);)g++;f.push(g)}d.find("th").data("sort-dir",null).removeClass("sorting-desc sorting-asc");a.data("sort-dir",m).addClass("sorting-"+m);g=b.slice(0);for(h=c=0;h<f.length;h++)c=f[h],g[c]=b[h];f=e(g);d.children("tbody").append(f);d.trigger("aftertablesort",{column:k,direction:m});d.css("display")},10))})})};e.fn.stupidtable.dir={ASC:"asc",DESC:"desc"}})(jQuery); | |
</script> | |
<script type="text/javascript"> | |
$(document).ready(function() { | |
$(".expandable").click(function (event) { | |
e = event || window.event; | |
var h = e.target || e.srcElement; | |
var content = "#content" + h.id.substr(6); | |
var header = "#" + h.id; | |
$(content).slideToggle("fast"); | |
var exprx = /expandable\b/; | |
if (exprx.exec($(header).attr("class"))) { | |
$(header).addClass("collapsed"); | |
$(header).removeClass("expandable"); | |
} else { | |
$(header).addClass("expandable"); | |
$(header).removeClass("collapsed"); | |
} | |
var essrx = /expandablesubsection/; | |
var cssrx = /collaspablesubsection/; | |
if (essrx.exec($(header).attr("class"))) { | |
$(header).addClass("collaspablesubsection"); | |
$(header).removeClass("expandablesubsection"); | |
} else if (cssrx.exec($(header).attr("class"))) { | |
$(header).addClass("expandablesubsection"); | |
$(header).removeClass("collaspablesubsection"); | |
} | |
return false; | |
}); | |
var table = $("#summaryTable").stupidtable(); | |
table.bind('aftertablesort', function (event, data) { | |
var th = $(this).find('th'); | |
th.find(".arrow").remove(); | |
var arrow = data.direction === 'asc' ? '↑' : '↓'; | |
th.eq(data.column).append('<span class="arrow">' + arrow +'</span>'); | |
}); | |
}); | |
$(function(){ | |
$('#modal-background, #modal-close').click(function () { | |
$('#modal-content,#modal-background').toggleClass('active'); | |
}); | |
$('#modal-text').bind('copy cut', function() { | |
setTimeout('$("#modal-content,#modal-background").toggleClass("active");',100); | |
}); | |
$('#modal-text').keyup(function(e){ | |
if(e.keyCode === 27) { | |
setTimeout('$("#modal-content,#modal-background").toggleClass("active");',100); | |
} | |
}); | |
$('#modal-add-header').click(function () { | |
xml = '<?xml version="1.0" encoding="UTF-8"?>\n<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">\n '; | |
xml += $("#modal-text").text().replace(/\n/g,'\n '); | |
xml += '\n</suppressions>'; | |
$('#modal-add-header').toggleClass('active'); | |
$('#modal-text').text(xml).focus().select(); | |
}); | |
}); | |
function suppressSwitchTo(switchTo) { | |
$('#modal-suppress-change-to-sha1').toggleClass('active'); | |
$('#modal-suppress-change-to-packageUrl').toggleClass('active'); | |
if (!$('#modal-add-header').hasClass('active')) { | |
$('#modal-add-header').toggleClass('active'); | |
} | |
setCopyText($('#suppress-name').val(), | |
switchTo, | |
$('#suppress-'+switchTo).val(), | |
$('#suppress-type').val(), | |
$('#suppress-val').val()); | |
} | |
function copyText(name, sha1, packageUrl, type, val) { | |
$('#suppress-name').val(name); | |
$('#suppress-type').val(type); | |
$('#suppress-val').val(val); | |
$('#suppress-sha1').val(sha1); | |
$('#suppress-packageUrl').val(packageUrl); | |
if (packageUrl=='') { | |
if ($('#modal-suppress-change-to-packageUrl').hasClass('active')) { | |
$('#modal-suppress-change-to-packageUrl').toggleClass('active'); | |
} | |
if ($('#modal-suppress-change-to-sha1').hasClass('active')) { | |
$('#modal-suppress-change-to-sha1').toggleClass('active'); | |
} | |
setCopyText(name, 'sha1', sha1, type, val); | |
} else { | |
if ($('#modal-suppress-change-to-packageUrl').hasClass('active')) { | |
$('#modal-suppress-change-to-packageUrl').toggleClass('active'); | |
} | |
if (!$('#modal-suppress-change-to-sha1').hasClass('active')) { | |
$('#modal-suppress-change-to-sha1').toggleClass('active'); | |
} | |
setCopyText(name, 'packageUrl', packageUrl, type, val); | |
} | |
} | |
function escapeRegExp(text) { | |
return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'); | |
} | |
function setCopyText(name, matchType, matchValue, suppressType, suppressVal) { | |
xml = '<suppress>\n'; | |
xml += ' <notes><!'+'[CDATA[\n file name: ' + name + '\n ]]'+'></notes>\n'; | |
if (matchType=='packageUrl') { | |
v = matchValue.match(/^[^@]+/); | |
if (v && v[0]) { | |
xml += ' <'+matchType+' regex="true">^' + escapeRegExp(v[0]) + '@.*$</'+matchType+'>\n'; | |
} else { | |
xml += ' <'+matchType+'>' + matchValue + '</'+matchType+'>\n'; | |
} | |
} else { | |
xml += ' <'+matchType+'>' + matchValue + '</'+matchType+'>\n'; | |
} | |
if (suppressType=='cpe') { | |
v = suppressVal.match(/^cpe:\/a:[^:]+:[^:]+/); | |
if (v && v[0]) { | |
xml += ' <'+suppressType+'>' + v[0] + '</'+suppressType+'>\n'; | |
} else { | |
xml += ' <'+suppressType+'>' + suppressVal + '</'+suppressType+'>\n'; | |
} | |
} else { | |
xml += ' <'+suppressType+'>' + suppressVal + '</'+suppressType+'>\n'; | |
} | |
xml += '</suppress>'; | |
$('#modal-text').text(xml); | |
$('#modal-content,#modal-background,#modal-add-header').addClass('active'); | |
$('#modal-text').focus(); | |
$('#modal-text').select(); | |
} | |
function toggleDisplay(el, clzName, all, some) { | |
$(clzName).toggle(); | |
if (el.innerHTML == all) { | |
el.innerHTML = some; | |
} else { | |
el.innerHTML = all; | |
} | |
return false; | |
} | |
$( document ).ready(function() { | |
$( "#modal-suppress-change-to-packageUrl" ).bind( "click", function( event ) { | |
suppressSwitchTo('packageUrl') | |
}); | |
$( "#modal-suppress-change-to-sha1" ).bind( "click", function( event ) { | |
suppressSwitchTo('sha1') | |
}); | |
$( "#scanInformationToggle" ).bind( "click", function( event ) { | |
return toggleDisplay(event.target, '.scaninfo', 'show all', 'show less'); | |
}); | |
$( "#vulnerabilityDisplayToggle" ).bind( "click", function( event ) { | |
return toggleDisplay(event.target, '.notvulnerable', 'Showing Vulnerable Dependencies (click to show all)', 'Showing All Dependencies (click to show less)'); | |
}); | |
$( ".versionToggle" ).bind( "click", function( event ) { | |
var lnk = event.target; | |
return toggleDisplay(this,lnk.getAttribute('data-toggle'), 'show all', 'show less'); | |
}); | |
$( ".copybutton" ).bind( "click", function( event ) { | |
var btn = event.target; | |
copyText(btn.getAttribute('data-display-name'), | |
btn.getAttribute('data-sha1'), | |
btn.getAttribute('data-pkgurl'), | |
btn.getAttribute('data-type-to-suppress'), | |
btn.getAttribute('data-id-to-suppress')); | |
}); | |
}); | |
</script> | |
<style type="text/css"> | |
#modal-background { | |
display: none; | |
position: fixed; | |
top: 0; | |
left: 0; | |
width: 100%; | |
height: 100%; | |
background-color: white; | |
opacity: .50; | |
-webkit-opacity: .5; | |
-moz-opacity: .5; | |
filter: alpha(opacity=50); | |
z-index: 1000; | |
} | |
#modal-content { | |
background-color: white; | |
border-radius: 10px; | |
-webkit-border-radius: 10px; | |
-moz-border-radius: 10px; | |
box-shadow: 0 0 20px 0 #222; | |
-webkit-box-shadow: 0 0 20px 0 #222; | |
-moz-box-shadow: 0 0 20px 0 #222; | |
display: none; | |
height: 240px; | |
left: 50%; | |
margin: -120px 0 0 -160px; | |
padding: 10px; | |
position: fixed; | |
top: 50%; | |
z-index: 1000; | |
} | |
#modal-add-header { | |
display: none; | |
} | |
#modal-add-header.active { | |
display: block; | |
} | |
#modal-background.active, #modal-content.active { | |
display: block; | |
} | |
#modal-text { | |
border: 0; | |
overflow: hidden | |
} | |
#modal-text:focus { | |
outline: none; | |
} | |
.suppresstype { | |
display: none; | |
} | |
.suppresstype.active { | |
display: block; | |
} | |
.suppressedLabel { | |
cursor: default; | |
padding:1px; | |
background-color: #eeeeee; | |
border: 1px solid #555555; | |
color:#555555; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.copybutton { | |
padding:1px; | |
background-color: #eeeeee; | |
border: 1px solid #555555; | |
color:#555555; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.copybutton:hover { | |
padding:1px; | |
background-color: #dddddd; | |
border: 1px solid #444444; | |
color:#444444; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.modal-button { | |
padding:1px; | |
float:left; | |
background-color: #eeeeee; | |
border: 1px solid #555555; | |
color:#555555; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.modal-button:hover { | |
padding:1px; | |
float:left; | |
background-color: #dddddd; | |
border: 1px solid #333333; | |
color:#333333; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.modal-button-right { | |
padding:1px; | |
float:right; | |
background-color: #eeeeee; | |
border: 1px solid #555555; | |
color:#555555; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.modal-button-right:hover { | |
padding:1px; | |
float:right; | |
background-color: #dddddd; | |
border: 1px solid #333333; | |
color:#333333; | |
text-decoration:none; | |
-moz-border-radius: 3px; | |
-webkit-border-radius: 3px; | |
-khtml-border-radius: 3px; | |
-o-border-radius: 3px; | |
border-radius: 3px; | |
} | |
.rounded-corners { | |
-moz-border-radius: 20px; | |
-webkit-border-radius: 20px; | |
-khtml-border-radius: 20px; | |
-o-border-radius: 20px; | |
border-radius: 20px; | |
} | |
.hidden { | |
display: none; | |
} | |
.expandable { | |
cursor: pointer; | |
background-image: url(data:image/gif;base64,R0lGODlhDAAMAIABAICAgP///yH5BAEAAAEALAAAAAAMAAwAAAIcjI8Hy22Q1FNwhnpxhW3d2XFWJn2PNiZbyERuAQA7); | |
background-repeat: no-repeat; | |
background-position: 98% 50%; | |
} | |
.collapsed { | |
cursor: pointer; | |
background-image: url(data:image/gif;base64,R0lGODlhDAAMAIABAICAgP///yH5BAEAAAEALAAAAAAMAAwAAAIajI8Hy22Q1IszQHphW3ZuXUUZ1ZXi8zFkUgAAOw==); | |
background-repeat: no-repeat; | |
background-position: 98% 50%; | |
} | |
.expandablesubsection { | |
-moz-border-radius-bottomleft:15px; /* bottom left corner */ | |
-webkit-border-bottom-left-radius:15px; /* bottom left corner */ | |
border-bottom-left-radius: 15px; | |
border-bottom: 1px solid #cccccc; | |
} | |
.collaspablesubsection { | |
-moz-border-radius-bottomleft:0px; /* bottom left corner */ | |
-webkit-border-bottom-left-radius:0px; /* bottom left corner */ | |
border-bottom-left-radius: 0px; | |
border-bottom: 0px solid #ffffff; | |
} | |
.standardsubsection { | |
-moz-border-radius-bottomleft:0px; /* bottom left corner */ | |
-webkit-border-bottom-left-radius:0px; /* bottom left corner */ | |
border-bottom-left-radius: 0px; | |
border-bottom: 0px solid #ffffff; | |
} | |
.content { | |
margin-top:0px; | |
margin-left:20px; | |
margin-right:20px; | |
margin-bottom:20px; | |
background: #ffffff; | |
padding: 20px; | |
} | |
.sectionheader { | |
background-color: #cccccc; | |
margin-top: 20px; | |
margin-right: 20px; | |
margin-left: 20px; | |
margin-bottom: 0px; | |
padding-top: 10px; | |
padding-bottom: 10px; | |
padding-left:20px; | |
padding-right:20px; | |
border-top: 1px solid #ccc; | |
border-right: 1px solid #ccc; | |
border-left: 1px solid #ccc; | |
border-bottom: 0px; | |
/* | |
-moz-border-radius: 15px; | |
-webkit-border-radius: 15px; | |
-o-border-radius: 15px; | |
border-radius: 15px; | |
*/ | |
/* firefox's individual border radius properties */ | |
-moz-border-radius-topleft:15px; /* top left corner */ | |
-moz-border-radius-topright:0px; /* top right corner */ | |
-moz-border-radius-bottomleft:0px; /* bottom left corner */ | |
-moz-border-radius-bottomright:0px; /* bottom right corner */ | |
/* webkit's individual border radius properties */ | |
-webkit-border-top-left-radius:15px; /* top left corner */ | |
-webkit-border-top-right-radius:0px; /* top right corner */ | |
-webkit-border-bottom-left-radius:0px; /* bottom left corner */ | |
-webkit-border-bottom-right-radius:0px; /* bottom right corner */ | |
/* ie9+ */ | |
border-top-left-radius: 15px; | |
border-top-right-radius: 0px; | |
border-bottom-right-radius: 0px; | |
border-bottom-left-radius: 0px; | |
} | |
.sectioncontent { | |
margin-top:0px; | |
margin-left:20px; | |
margin-right:20px; | |
margin-bottom:10px; | |
background: #ffffff; | |
padding-top: 10px; | |
padding-bottom: 20px; | |
padding-left:20px; | |
padding-right:20px; | |
border-top: 0px; | |
border-right: 1px solid #ccc; | |
border-left: 1px solid #ccc; | |
border-bottom: 1px solid #ccc; | |
-moz-border-radius-topleft:0px; /* top left corner */ | |
-moz-border-radius-topright:0px; /* top right corner */ | |
-moz-border-radius-bottomright:15px; /* bottom right corner */ | |
-moz-border-radius-bottomleft:15px; /* bottom right corner */ | |
/* webkit's individual border radius properties */ | |
-webkit-border-top-left-radius:0px; /* top left corner */ | |
-webkit-border-top-right-radius:0px; /* top right corner */ | |
-webkit-border-bottom-right-radius:15px; /* bottom right corner */ | |
-webkit-border-bottom-left-radius:15px; /* bottom right corner */ | |
/* ie9+ */ | |
border-top-left-radius: 0px; | |
border-top-right-radius: 0px; | |
border-bottom-right-radius: 15px; | |
border-bottom-left-radius: 15px; | |
} | |
.subsectionheader { | |
background-color: #cccccc; | |
margin-top: 20px; | |
margin-right: 20px; | |
margin-left: 0px; | |
margin-bottom: 0px; | |
padding-top: 10px; | |
padding-bottom: 10px; | |
padding-left:20px; | |
padding-right:20px; | |
border-top: 1px solid #ccc; | |
border-right: 1px solid #ccc; | |
border-left: 1px solid #ccc; | |
/* firefox's individual border radius properties */ | |
-moz-border-radius-topleft:15px; /* top left corner */ | |
-moz-border-radius-topright:0px; /* top right corner */ | |
-moz-border-radius-bottomright:0px; /* bottom right corner */ | |
/* webkit's individual border radius properties */ | |
-webkit-border-top-left-radius:15px; /* top left corner */ | |
-webkit-border-top-right-radius:0px; /* top right corner */ | |
-webkit-border-bottom-right-radius:0px; /* bottom right corner */ | |
/* ie9+ */ | |
border-top-left-radius: 15px; | |
border-top-right-radius: 0px; | |
border-bottom-right-radius: 0px; | |
} | |
.subsectioncontent { | |
margin-top:0px; | |
margin-left:0px; | |
margin-right:20px; | |
margin-bottom:10px; | |
background: #ffffff; | |
padding-top: 10px; | |
padding-left: 20px; | |
padding-right: 20px; | |
padding-bottom: 20px; | |
border-top: 0px; | |
border-right: 1px solid #ccc; | |
border-left: 1px solid #ccc; | |
border-bottom: 1px solid #ccc; | |
-moz-border-radius-topleft:0px; /* top left corner */ | |
-moz-border-radius-topright:0px; /* top right corner */ | |
-moz-border-radius-bottomleft:15px; /* bottom left corner */ | |
-moz-border-radius-bottomright:15px; /* bottom right corner */ | |
/* webkit's individual border radius properties */ | |
-webkit-border-top-left-radius:0px; /* top left corner */ | |
-webkit-border-top-right-radius:0px; /* top right corner */ | |
-webkit-border-bottom-left-radius:15px; /* bottom left corner */ | |
-webkit-border-bottom-right-radius:15px; /* bottom right corner */ | |
/* ie9+ */ | |
border-top-left-radius: 0px; | |
border-top-right-radius: 0px; | |
border-bottom-right-radius: 15px; | |
border-bottom-left-radius: 15px; | |
} | |
.white { | |
background-color: #ffffff; | |
} | |
.red { | |
background-color: #DF0101; | |
} | |
.left { | |
text-align: left; | |
} | |
.indent { | |
margin-left:20px; | |
} | |
td{ | |
vertical-align:text-top; | |
padding:6px; | |
margin:0px; | |
} | |
th { | |
text-align:left; | |
vertical-align:text-top; | |
padding:6px; | |
margin:0px; | |
border-bottom:1px; | |
border-color: black; | |
} | |
table { | |
border: 0px; | |
} | |
table.lined tr:nth-child(even) { | |
background-color: #f3f3f3; | |
} | |
.fullwidth { | |
width:100%; | |
} | |
body { | |
font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif | |
} | |
ul { | |
margin-top:3px; | |
margin-bottom:3px; | |
} | |
.vulnerable { | |
color: #000; | |
} | |
.notvulnerable { | |
display:none; | |
} | |
.hidden { | |
display:none; | |
} | |
.infolink { | |
text-decoration:none; | |
color: blue; | |
float:right; | |
} | |
.infolink:hover { | |
text-decoration:none; | |
color: blue; | |
float:right; | |
} | |
.disclaimer { | |
color: #888888; | |
font: 9px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif | |
} | |
.sortable { | |
cursor:pointer; | |
} | |
.sortable:hover { | |
text-decoration:underline; | |
} | |
pre { | |
white-space: pre-wrap; | |
font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif | |
} | |
.underline { | |
text-decoration: underline; | |
} | |
</style> | |
</head> | |
<body> | |
<div id="modal-background"></div> | |
<div id="modal-content"> | |
<div>Press CTR-C to copy XML <a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html" class="infolink" target="_blank" title="Help with suppressing false positives">[help]</a></div> | |
<button id="modal-suppress-change-to-packageUrl" class="modal-button suppresstype" title="Supress by Maven Group Artifact Version">Suppress By GAV</button> | |
<button id="modal-suppress-change-to-sha1" class="modal-button suppresstype" title="Supress by SHA1 hash">Suppress By SHA1</button><br/> | |
<input type="hidden" id="suppress-name"/> | |
<input type="hidden" id="suppress-type"/><input type="hidden" id="suppress-val"/> | |
<input type="hidden" id="suppress-sha1"/><input type="hidden" id="suppress-packageUrl"/> | |
<textarea id="modal-text" cols="50" rows="10" readonly></textarea><br/> | |
<button id="modal-add-header" title="Add the parent XML nodes to create the complete XML file that can be used to suppress this finding" class="modal-button">Complete XML Doc</button><button id="modal-close" class="modal-button-right">Close</button> | |
</div> | |
<div class="wrapper"> | |
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" version="1.1" x="0" y="0" width="459.5" height="150" viewBox="0 0 459.5 150" enable-background="new 0 0 595.28 841.89" xml:space="preserve"><g transform="translate(-79.10464,-172.551)"><path d="m246.1 274.3c-2.6 0-5.3-0.2-6.6-0.5-0.6-0.1-0.9-0.4-0.9-1.1l0-20.4c0-0.7 0.3-1 0.9-1.1 1.3-0.2 4-0.5 6.6-0.5 6.1 0 9.8 3.2 9.8 9.7l0 4c0 6.5-3.7 9.7-9.8 9.7zm4.6-13.7c0-4.2-1.8-5.3-4.6-5.3-0.8 0-1.8 0-2.2 0.1l0 14.4c0.4 0 1.4 0.1 2.2 0.1 2.8 0 4.6-1.1 4.6-5.3l0-4zM273 273.9 273 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM285.2 266c-0.7 0-1.7-0.1-2.5-0.1l0 7.5c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.2-0.6-0.6l0-20.7c0-1 0.4-1.3 1.4-1.5 1.6-0.2 4-0.4 6.3-0.4 4.7 0 9.2 1.6 9.2 7.4l0 0.3c0 5.8-4.6 7.5-9.2 7.5zm3.9-7.7c0-2.2-1.4-3-3.9-3-0.4 0-2.1 0.1-2.5 0.1l0 6.3c0.3 0 2.2 0.1 2.5 0.1 2.7 0 3.9-1 3.9-3.1l0-0.3zM311 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM332.4 274l-3 0c-0.6 0-1.1-0.1-1.6-1l-7-12.1c-0.1-0.2-0.2-0.2-0.3-0.2-0.1 0-0.2 0.1-0.2 0.2l0 12.5c0 0.3-0.3 0.6-0.6 0.6l-3.6 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.1c0-0.6 0.5-1.2 1.2-1.2l3.1 0c0.6 0 0.9 0.3 1.3 1l7.3 12.7c0.1 0.2 0.2 0.2 0.2 0.2 0.1 0 0.2-0.1 0.2-0.3l0-13c0-0.3 0.3-0.6 0.6-0.6l3.6 0c0.3 0 0.6 0.2 0.6 0.6l0 21.1c0 0.6-0.6 1.2-1.2 1.2zM345.4 274.3c-2.6 0-5.3-0.2-6.6-0.5-0.6-0.1-0.9-0.4-0.9-1.1l0-20.4c0-0.7 0.3-1 0.9-1.1 1.3-0.2 4-0.5 6.6-0.5 6.1 0 9.8 3.2 9.8 9.7l0 4c0 6.5-3.7 9.7-9.8 9.7zm4.6-13.7c0-4.2-1.8-5.3-4.6-5.3-0.8 0-1.8 0-2.2 0.1l0 14.4c0.4 0 1.4 0.1 2.2 0.1 2.8 0 4.6-1.1 4.6-5.3l0-4zM372.3 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM393.7 274l-3 0c-0.6 0-1.1-0.1-1.6-1l-7-12.1c-0.1-0.2-0.2-0.2-0.3-0.2-0.1 0-0.2 0.1-0.2 0.2l0 12.5c0 0.3-0.3 0.6-0.6 0.6l-3.6 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.1c0-0.6 0.5-1.2 1.2-1.2l3.1 0c0.6 0 0.9 0.3 1.3 1l7.3 12.7c0.1 0.2 0.2 0.2 0.2 0.2 0.1 0 0.2-0.1 0.2-0.3l0-13c0-0.3 0.3-0.6 0.6-0.6l3.6 0c0.3 0 0.6 0.2 0.6 0.6l0 21.1c0 0.6-0.6 1.2-1.2 1.2zM412.4 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM433.6 251.8l-4.7 10.7c-0.6 1.4-1.3 2.1-2 2.4l0 8.6c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-8.6c-0.7-0.3-1.4-1-2-2.4l-4.7-10.7c0-0.1 0-0.2 0-0.2 0-0.2 0.2-0.5 0.5-0.5l4.4 0c0.3 0 0.5 0.2 0.6 0.5l3.3 8.7c0.2 0.4 0.2 0.5 0.5 0.5 0.2 0 0.3-0.1 0.5-0.5l3.3-8.7c0.1-0.3 0.3-0.5 0.6-0.5l4.4 0c0.3 0 0.5 0.2 0.5 0.5 0 0.1 0 0.2 0 0.2zM442 266.5l-6 0c-0.3 0-0.6-0.2-0.6-0.6l0-2.5c0-0.3 0.3-0.6 0.6-0.6l6 0c0.3 0 0.6 0.2 0.6 0.6l0 2.5c0 0.3-0.3 0.6-0.6 0.6z" style="fill:#231f20;opacity:0.5"/><path d="m459 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM480.6 274l-4 0M480.6 274l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-8.9-7.6 0 0 8.9c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.7c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 8.2 7.6 0 0-8.2c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 21.7c0 0.3-0.3 0.6-0.6 0.6zM498.9 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM516.6 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM538.5 251.9l-7.3 10.4 7.4 11.1c0.1 0.1 0.1 0.2 0.1 0.3 0 0.2-0.2 0.3-0.4 0.3l-5.3 0c-0.4 0-0.5-0.2-0.7-0.4l-6.3-10.2 0 10c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.7c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 9.8 6.8-10c0.2-0.2 0.3-0.4 0.7-0.4l4.7 0c0.3 0 0.5 0.2 0.5 0.3 0 0.1-0.1 0.3-0.2 0.4z" fill="#f78d0a"/><path d="m151.6 187.1 0-14.6c-36.7 5.4-65.9 33.9-72.2 70.4l14.7 0C100 214.5 122.8 192.2 151.6 187.1Z" style="fill:#231f20;opacity:0.5"/><path d="m151.6 200.4 0-13.3c-28.7 5.1-51.6 27.3-57.5 55.8l13.3 0c5.5-21.2 22.6-37.8 44.2-42.5z" style="fill:#231f20;opacity:0.3"/><path d="m193 237-10.9 10.9c0.3 0.6 0.7 1.2 1 1.9 1 2.5 1.5 5.3 1.5 8.2l0 0.2c0 3-0.5 5.8-1.5 8.2-1 2.5-2.4 4.6-4.2 6.4-1.8 1.8-3.9 3.2-6.4 4.2-2.5 1-5.3 1.5-8.3 1.5l-11.5 0 0-1-14.4 14.4 25.9 0c5.3 0 10.1-0.9 14.6-2.6 4.4-1.7 8.2-4.1 11.4-7.2 3.2-3 5.7-6.6 7.4-10.7 1.7-4.1 2.6-8.6 2.6-13.3l0-0.2c0-4.8-0.9-9.2-2.6-13.3-1.2-2.7-2.7-5.2-4.5-7.5z" fill="#f78d0a"/><path d="m152.7 237.6 11.5 0c3 0 5.8 0.5 8.3 1.5 2.5 1 4.7 2.4 6.4 4.2 1.3 1.3 2.3 2.9 3.2 4.6l10.9-10.9c-0.9-1.1-1.8-2.2-2.9-3.2-3.2-3-7-5.4-11.4-7.1-4.4-1.7-9.3-2.6-14.6-2.6l-26.4 0 0 67.7 0.5 0 14.4-14.4 0-39.8z" style="fill:#f78d0a;opacity:0.7"/><path d="m179.5 187.7 0 13.4c11.9 3.2 22.3 10.1 29.9 19.4l9.2-9.3c-10-11.7-23.6-20.1-39.2-23.5z" style="fill:#231f20;opacity:0.3"/><path d="m179.5 173 0 14.7c15.5 3.4 29.2 11.8 39.2 23.5l10.2-10.2c-12.6-14.3-29.8-24.5-49.4-28zM93.7 270.9l-14.6 0M93.7 270.9l-14.6 0c3.1 20.5 13.6 38.6 28.5 51.7l10.2-10.2C105.5 301.9 96.8 287.4 93.7 270.9Z" fill="#f78d0a"/><path d="m107 270.9-13.3 0c3.1 16.5 11.8 31 24.1 41.5l9.2-9.3c-9.9-8.1-17.1-19.3-20-32.2z" style="fill:#231f20;opacity:0.3"/></g></svg> | |
<p class="disclaimer">Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; | |
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and | |
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, | |
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided | |
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever | |
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p> | |
<h3><a href="http://jeremylong.github.io/DependencyCheck/general/thereport.html" target="_blank">How to read the report</a> | | |
<a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html" target="_blank">Suppressing false positives</a> | | |
Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" target="_blank">github issues</a><br/><br/> | |
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="10pt" height="10pt" viewBox="0 0 10 10" version="1.1"><g id="surface1"><path style=" stroke:none;fill-rule:nonzero;fill:rgb(0%,0%,0%);fill-opacity:1;" d="M 8.125 4.167969 C 7.089844 4.167969 6.25 5.007812 6.25 6.042969 C 6.25 7.078125 7.089844 7.917969 8.125 7.917969 C 9.160156 7.917969 10 7.078125 10 6.042969 C 10 5.007812 9.160156 4.167969 8.125 4.167969 Z M 9.167969 6.25 L 8.332031 6.25 L 8.332031 7.082031 L 7.917969 7.082031 L 7.917969 6.25 L 7.082031 6.25 L 7.082031 5.832031 L 7.917969 5.832031 L 7.917969 5 L 8.332031 5 L 8.332031 5.832031 L 9.167969 5.832031 Z M 6.445312 8.164062 C 5.984375 8.617188 5.5 9.089844 5 9.582031 C 2.320312 6.925781 0 4.9375 0 2.996094 C 0 1.328125 1.289062 0.417969 2.617188 0.417969 C 3.53125 0.417969 4.464844 0.851562 5 1.769531 C 5.53125 0.855469 6.46875 0.421875 7.386719 0.421875 C 8.710938 0.421875 10 1.324219 10 2.996094 C 10 3.308594 9.933594 3.621094 9.824219 3.933594 C 9.605469 3.757812 9.355469 3.617188 9.085938 3.511719 C 9.136719 3.335938 9.167969 3.164062 9.167969 2.996094 C 9.167969 1.800781 8.242188 1.253906 7.386719 1.253906 C 6.027344 1.253906 5.3125 2.703125 5 3.347656 C 4.6875 2.703125 3.964844 1.25 2.617188 1.25 C 1.652344 1.25 0.832031 1.882812 0.832031 2.996094 C 0.832031 4.429688 2.808594 6.265625 5 8.414062 L 5.878906 7.554688 C 6.035156 7.785156 6.226562 7.988281 6.445312 8.164062 Z M 6.445312 8.164062 "/></g></svg> <a aria-label="Sponsor @jeremylong" target="_blank" href="https://github.com/sponsors/jeremylong">Sponsor</a></h3> | |
<h2 class="">Project: </h2><div class="">Scan Information (<a href="#" title="Click to toggle display" id="scanInformationToggle">show all</a>):<br/><ul class="indent"><li><i>dependency-check version</i>: 7.1.0</li><li><i>Report Generated On</i>: Fri, 2 Dec 2022 15:04:52 +0300</li><li><i>Dependencies Scanned</i>: 142 (67 unique)</li><li><i>Vulnerable Dependencies</i>: <span id="vulnerableCount">8</span></li><li><i>Vulnerabilities Found</i>: 191</li><li><i>Vulnerabilities Suppressed</i>: 0</li><li class="scaninfo">...</li><li class="scaninfo hidden"><i>NVD CVE Checked</i>: 2022-05-20T12:18:09</li><li class="scaninfo hidden"><i>NVD CVE Modified</i>: 2022-05-20T08:00:03</li></ul><br/><h2>Summary</h2>Display: <a href="#" title="Click to toggle display" id="vulnerabilityDisplayToggle">Showing Vulnerable Dependencies (click to show all)</a><br/><br/><table id="summaryTable" class="lined"><thead><tr style="text-align:left"><th class="sortable" data-sort="string" title="The name of the dependency">Dependency</th><th class="sortable" data-sort="string" title="The Common Platform Enumeration">Vulnerability IDs</th><th class="sortable" data-sort="string" title="The Build Coordinates">Package</th><th class="sortable" data-sort="float" title="The highest CVE Severity">Highest Severity</th><th class="sortable" data-sort="int" title="The number of Common Vulnerability and Exposure (CVE) entries">CVE Count</th><th class="sortable" data-sort="string" title="The confidence rating dependency-check has for the identified CPE">Confidence</th><th class="sortable" data-sort="int" title="The count of evidence collected to identify the CPE">Evidence Count</th></tr></thead><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JFFI:1.3.10)"><a href="#l1_ad69c29a9ba739e6f0cff36366352e002ad515b0">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jffi:1.3.10)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jffi@1.3.10">pkg:maven/com.github.jnr/jffi@1.3.10</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-A64ASM:1.0.0)"><a href="#l2_17a5a92b79393a59e19ba38e1bdf8252a660e359">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-a64asm:1.0.0)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-a64asm@1.0.0">pkg:maven/com.github.jnr/jnr-a64asm@1.0.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-CONSTANTS:0.10.4)"><a href="#l3_7f1b4d9764ee6aa6c1a7b6e72a9cb7c780b27555">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-constants:0.10.4)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-constants@0.10.4">pkg:maven/com.github.jnr/jnr-constants@0.10.4</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>21</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-ENXIO:0.32.14)"><a href="#l4_8c1fd848724534f7c129860ce817749a939a583f">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-enxio:0.32.14)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-enxio@0.32.14">pkg:maven/com.github.jnr/jnr-enxio@0.32.14</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-FFI:2.2.13)"><a href="#l5_921a9ca28d8aa484222d2584d96b0588d35b8fb8">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-ffi:2.2.13)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-ffi@2.2.13">pkg:maven/com.github.jnr/jnr-ffi@2.2.13</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>21</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-NETDB:1.2.0)"><a href="#l6_3a6045d944a9b4720156cd533ca1cbd1f22bc4b5">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-netdb:1.2.0)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-netdb@1.2.0">pkg:maven/com.github.jnr/jnr-netdb@1.2.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-POSIX:3.1.16)"><a href="#l7_6f2668db6c9f555fe21001ffcf5362f277b563ff">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-posix:3.1.16)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-posix@3.1.16">pkg:maven/com.github.jnr/jnr-posix@3.1.16</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>25</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-UNIXSOCKET:0.38.19)"><a href="#l8_4b51870268677335b2ebf31549b66d0dc8657fbd">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-unixsocket:0.38.19)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-unixsocket@0.38.19">pkg:maven/com.github.jnr/jnr-unixsocket@0.38.19</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>21</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.GITHUB.JNR:JNR-X86ASM:1.0.2)"><a href="#l9_91de5c25955d1f321832738dce614b45e9939050">jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-x86asm:1.0.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.github.jnr/jnr-x86asm@1.0.2">pkg:maven/com.github.jnr/jnr-x86asm@1.0.2</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.HEADIUS:BACKPORT9:1.12)"><a href="#l10_c0b388a50a3030e56089ada5154366529a5da213">jruby-complete-9.4.0.0.jar (shaded: com.headius:backport9:1.12)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.headius/backport9@1.12">pkg:maven/com.headius/backport9@1.12</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>11</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.HEADIUS:INVOKEBINDER:1.12)"><a href="#l11_a6c6a3452366292f645d1f80612a984367f5ec13">jruby-complete-9.4.0.0.jar (shaded: com.headius:invokebinder:1.12)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.headius/invokebinder@1.12">pkg:maven/com.headius/invokebinder@1.12</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.HEADIUS:OPTIONS:1.6)"><a href="#l12_78e835c2bb1a934075961f2954452a0871b931be">jruby-complete-9.4.0.0.jar (shaded: com.headius:options:1.6)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.headius/options@1.6">pkg:maven/com.headius/options@1.6</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: COM.JCRAFT:JZLIB:1.1.3)"><a href="#l13_6e6789004c70477a6e2ea92c066b757534e63a10">jruby-complete-9.4.0.0.jar (shaded: com.jcraft:jzlib:1.1.3)</a></td><td data-sort-value="cpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajcraft&cpe_product=cpe%3A%2F%3Ajcraft%3Ajzlib&cpe_version=cpe%3A%2F%3Ajcraft%3Ajzlib%3A1.1.3" target="_blank">cpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/com.jcraft/jzlib@1.1.3">pkg:maven/com.jcraft/jzlib@1.1.3</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>23</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: JODA-TIME:JODA-TIME:2.10.10)"><a href="#l14_d6b3422231b9c976bc409b906f114fa0697b280c">jruby-complete-9.4.0.0.jar (shaded: joda-time:joda-time:2.10.10)</a></td><td data-sort-value="cpe:2.3:a:time_project:time:2.10.10:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Atime_project&cpe_product=cpe%3A%2F%3Atime_project%3Atime&cpe_version=cpe%3A%2F%3Atime_project%3Atime%3A2.10.10" target="_blank">cpe:2.3:a:time_project:time:2.10.10:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/joda-time/joda-time@2.10.10">pkg:maven/joda-time/joda-time@2.10.10</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>21</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ME.QMX.JITESCRIPT:JITESCRIPT:0.4.1)"><a href="#l15_63a1b1c6c7ac7c29e8d7a065a9c2649058455749">jruby-complete-9.4.0.0.jar (shaded: me.qmx.jitescript:jitescript:0.4.1)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/me.qmx.jitescript/jitescript@0.4.1">pkg:maven/me.qmx.jitescript/jitescript@0.4.1</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY.JCODINGS:JCODINGS:1.0.58)"><a href="#l16_b017398f93b3cc006a598e045ce2bd5a706ee3d4">jruby-complete-9.4.0.0.jar (shaded: org.jruby.jcodings:jcodings:1.0.58)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.jruby.jcodings/jcodings@1.0.58">pkg:maven/org.jruby.jcodings/jcodings@1.0.58</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>19</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY.JONI:JONI:2.1.44)"><a href="#l17_7185b2492b4a79fb5bbf624fec0610fe4abf4aa0">jruby-complete-9.4.0.0.jar (shaded: org.jruby.joni:joni:2.1.44)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.jruby.joni/joni@2.1.44">pkg:maven/org.jruby.joni/joni@2.1.44</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class=" vulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY:DIRGRA:0.3)"><a href="#l18_91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2">jruby-complete-9.4.0.0.jar (shaded: org.jruby:dirgra:0.3)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:0.3:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A0.3" target="_blank">cpe:2.3:a:jruby:jruby:0.3:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.jruby/dirgra@0.3">pkg:maven/org.jruby/dirgra@0.3</td><td data-sort-value="50.0">MEDIUM</td><td>2</td><td data-sort-value="0">Highest</td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY:JRUBY-BASE:9.4.0.0)"><a href="#l19_6eb4dded03e5279d795ad1f6bfe726a82dc27915">jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-base:9.4.0.0)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.jruby/jruby-base@9.4.0.0">pkg:maven/org.jruby/jruby-base@9.4.0.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY:JRUBY-CORE:9.4.0.0)"><a href="#l20_75e6ff592d2bb2efbe489581f6ed44553ac7bc1d">jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-core:9.4.0.0)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.jruby/jruby-core@9.4.0.0">pkg:maven/org.jruby/jruby-core@9.4.0.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR (SHADED: ORG.JRUBY:JRUBY-STDLIB:9.4.0.0)"><a href="#l21_e617db8785e1bf7596d91bbe4c938ad998372723">jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-stdlib:9.4.0.0)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.jruby/jruby-stdlib@9.4.0.0">pkg:maven/org.jruby/jruby-stdlib@9.4.0.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR"><a href="#l22_1d915bd287a262b14c449a2cd2382ac4f103cd85">jruby-complete-9.4.0.0.jar</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.jruby/jruby-complete@9.4.0.0">pkg:maven/org.jruby/jruby-complete@9.4.0.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>31</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: BCPKIX-JDK18ON-1.71.JAR"><a href="#l23_211bcae48a96c688ca215394d631eec2b874fff1">jruby-complete-9.4.0.0.jar: bcpkix-jdk18on-1.71.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>39</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: BCPROV-JDK18ON-1.71.JAR"><a href="#l24_943e8d0c2bd592ad78759c39d6f749fafaf29cf4">jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar</a></td><td data-sort-value="cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.71:*:*:*:*:*:*:*cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.71:*:*:*:*:*:*:*cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.71:*:*:*:*:*:*:*cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.71:*:*:*:*:*:*:*cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.71:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Abouncy-castle-crypto-package&cpe_version=cpe%3A%2F%3Abouncycastle%3Abouncy-castle-crypto-package%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.71:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Abouncy_castle_crypto_package&cpe_version=cpe%3A%2F%3Abouncycastle%3Abouncy_castle_crypto_package%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.71:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle&cpe_version=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.71:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle-java-crytography-api&cpe_version=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle-java-crytography-api%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.71:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Athe_bouncy_castle_crypto_package_for_java&cpe_version=cpe%3A%2F%3Abouncycastle%3Athe_bouncy_castle_crypto_package_for_java%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.71:*:*:*:*:*:*:*</a></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>41</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: BCTLS-JDK18ON-1.71.JAR"><a href="#l25_6a2d887b25de4db3531ff77df39dcdd32787e585">jruby-complete-9.4.0.0.jar: bctls-jdk18on-1.71.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>43</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: BCUTIL-JDK18ON-1.71.JAR"><a href="#l26_57daa18bc93730eab46291d9b55a15480e013265">jruby-complete-9.4.0.0.jar: bcutil-jdk18on-1.71.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>39</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: CPARSE-JRUBY.JAR"><a href="#l27_3db40231f23513637dc2d89300866bab97b9019f">jruby-complete-9.4.0.0.jar: cparse-jruby.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>5</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: DARKFISH.JS"><a href="#l28_5de3c13a83ac02d213bacc7c5642673b7692f1c9">jruby-complete-9.4.0.0.jar: darkfish.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: DIGEST.JAR"><a href="#l29_ec9fc8554da4b74cba72c8074d4dd42db3e3b734">jruby-complete-9.4.0.0.jar: digest.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: ESCAPE.JAR"><a href="#l30_19179a67dc685dca54bf47693a6b5f2ba39611ca">jruby-complete-9.4.0.0.jar: escape.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>8</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: FILEUTILS.GEMSPEC"><a href="#l31_16dc3207f02d0a2f327535f305341f7f65240f90">jruby-complete-9.4.0.0.jar: fileutils.gemspec</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/fileutils">pkg:gem/fileutils</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: GENERATOR.JAR"><a href="#l32_320251ec9ef0c596fdbfffb796f5cd103827b7ba">jruby-complete-9.4.0.0.jar: generator.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>5</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JFFI-1.2.DLL"><a href="#l33_07d30c6407fefad8df4b6afc4d85f83e547975ca">jruby-complete-9.4.0.0.jar: jffi-1.2.dll</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>4</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JFFI-1.2.DLL"><a href="#l34_5ca292116336ee4ceed00d10e756afea580e62cf">jruby-complete-9.4.0.0.jar: jffi-1.2.dll</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>4</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JLINE-2.14.6.JAR"><a href="#l35_c3aeac59c022bdc497c8c48ed86fa50450e4896a">jruby-complete-9.4.0.0.jar: jline-2.14.6.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/jline/jline@2.14.6">pkg:maven/jline/jline@2.14.6</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>36</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JLINE-2.14.6.JAR: JANSI.DLL"><a href="#l36_f91fda2c7f9f485db21a50c05ff3a65c1fa20090">jruby-complete-9.4.0.0.jar: jline-2.14.6.jar: jansi.dll</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>2</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JLINE-2.14.6.JAR: JANSI.DLL"><a href="#l37_8d96f40da8970ddd48af4517512a0fdd077c33da">jruby-complete-9.4.0.0.jar: jline-2.14.6.jar: jansi.dll</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>2</td></tr><tr class=" vulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JOPENSSL.JAR (SHADED: RUBYGEMS:JRUBY-OPENSSL:0.14.0)"><a href="#l38_feebc56dc27535e5d94fe99b4c1d46fbac3a68e9">jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:0.14.0:*:*:*:*:*:*:*cpe:2.3:a:openssl:openssl:0.14.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A0.14.0" target="_blank">cpe:2.3:a:jruby:jruby:0.14.0:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aopenssl&cpe_product=cpe%3A%2F%3Aopenssl%3Aopenssl&cpe_version=cpe%3A%2F%3Aopenssl%3Aopenssl%3A0.14.0" target="_blank">cpe:2.3:a:openssl:openssl:0.14.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/rubygems/jruby-openssl@0.14.0">pkg:maven/rubygems/jruby-openssl@0.14.0</td><td data-sort-value="98.0">CRITICAL</td><td>20</td><td data-sort-value="0">Highest</td><td>17</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JOPENSSL.JAR"><a href="#l39_bcdf391001aba72dd10af7933442cedc758b6a08">jruby-complete-9.4.0.0.jar: jopenssl.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JRUBY.DLL"><a href="#l40_d2055cf2721ccd0d84ce9776f6948f32693edb23">jruby-complete-9.4.0.0.jar: jruby.dll</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>2</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JRUBY.EXE"><a href="#l41_f77fcf2f1d1f68e89c2e1030f180c16247e483ce">jruby-complete-9.4.0.0.jar: jruby.exe</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>2</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: JRUBYW.EXE"><a href="#l42_cd64083be92749aba74e568ddc619b905833d193">jruby-complete-9.4.0.0.jar: jrubyw.exe</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>2</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: NAVIGATION.JS"><a href="#l43_a99b9374c2e37d315a6279b9238615252becac49">jruby-complete-9.4.0.0.jar: navigation.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: NET-SMTP.GEMSPEC"><a href="#l44_17c93a93592b6d69ee57907bd075649cc19c11aa">jruby-complete-9.4.0.0.jar: net-smtp.gemspec</a></td><td data-sort-value=""></td><td data-sort-value="gem:null">gem:null</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>20</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: PARSER.JAR"><a href="#l45_8f981206207df1d7d9971bd0d74dda5aa0ba7b2c">jruby-complete-9.4.0.0.jar: parser.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>5</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: PSYCH.JAR"><a href="#l46_57ba8756375250c8c0e2fb569b7d698d8b10d9c5">jruby-complete-9.4.0.0.jar: psych.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class=" vulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: READLINE.JAR (SHADED: RUBYGEMS:JRUBY-READLINE:1.3.7)"><a href="#l47_3cb722b663bcb103aafaed0789d9491684d21eb6">jruby-complete-9.4.0.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)</a></td><td data-sort-value="cpe:2.3:a:jruby:jruby:1.3.7:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A1.3.7" target="_blank">cpe:2.3:a:jruby:jruby:1.3.7:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/rubygems/jruby-readline@1.3.7">pkg:maven/rubygems/jruby-readline@1.3.7</td><td data-sort-value="50.0">MEDIUM</td><td>2</td><td data-sort-value="0">Highest</td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: READLINE.JAR"><a href="#l48_f94495275a3d40af13986495b60d7a2029d8eba5">jruby-complete-9.4.0.0.jar: readline.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: SEARCH.JS"><a href="#l49_7227a18b55ac08a0f8cc03ea8ac063f6dba1a1e5">jruby-complete-9.4.0.0.jar: search.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: SEARCHER.JS"><a href="#l50_ff8ca51fd50d759d6ad7b78a171c8646968f7520">jruby-complete-9.4.0.0.jar: searcher.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: SNAKEYAML-1.33.JAR"><a href="#l51_2cd0a87ff7df953f810c344bdf2fe3340b954c69">jruby-complete-9.4.0.0.jar: snakeyaml-1.33.jar</a></td><td data-sort-value="cpe:2.3:a:snakeyaml_project:snakeyaml:1.33:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asnakeyaml_project&cpe_product=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml&cpe_version=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml%3A1.33" target="_blank">cpe:2.3:a:snakeyaml_project:snakeyaml:1.33:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.yaml/snakeyaml@1.33">pkg:maven/org.yaml/snakeyaml@1.33</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>41</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: STRINGIO.JAR"><a href="#l52_4e79db3db102099264192a5f8a37a59f7aca731e">jruby-complete-9.4.0.0.jar: stringio.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: STRSCAN.JAR"><a href="#l53_a633297a11690d0fa6adcea1d102b69586a18fe5">jruby-complete-9.4.0.0.jar: strscan.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="JRUBY-COMPLETE-9.4.0.0.JAR: WAIT.JAR"><a href="#l54_b9079a8554f39435b7c44fff86b83a857c7962f8">jruby-complete-9.4.0.0.jar: wait.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>8</td></tr><tr class="notvulnerable"><td data-sort-value="MATRIX:0.4.2"><a href="#l55_ae63788a95b318d16eef550f336015334d27b578">matrix:0.4.2</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/matrix@0.4.2">pkg:gem/matrix@0.4.2</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>14</td></tr><tr class="notvulnerable"><td data-sort-value="MINITEST:5.15.0"><a href="#l56_411abb0b6d5e1b76f8adfcc16b90495a2d284767">minitest:5.15.0</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/minitest@5.15.0">pkg:gem/minitest@5.15.0</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>11</td></tr><tr class=" vulnerable"><td data-sort-value="NET-FTP:0.1.3"><a href="#l57_2071a9b16d87c9f0857c5fe0a2c17b35de771177">net-ftp:0.1.3</a></td><td data-sort-value="cpe:2.3:a:ftp:ftp:0.1.3:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aftp&cpe_product=cpe%3A%2F%3Aftp%3Aftp&cpe_version=cpe%3A%2F%3Aftp%3Aftp%3A0.1.3" target="_blank">cpe:2.3:a:ftp:ftp:0.1.3:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:gem/net-ftp@0.1.3">pkg:gem/net-ftp@0.1.3</td><td data-sort-value="100.0">HIGH</td><td>2</td><td data-sort-value="0">Highest</td><td>14</td></tr><tr class=" vulnerable"><td data-sort-value="NET-IMAP:0.2.2"><a href="#l58_5d4f5c06a92f8c911448081e329034a23642798e">net-imap:0.2.2</a></td><td data-sort-value="cpe:2.3:a:ruby-lang:ruby:0.2.2:*:*:*:*:*:*:*">cpe:2.3:a:ruby-lang:ruby:0.2.2:*:*:*:*:*:*:*</td><td data-sort-value="pkg:gem/net-imap@0.2.2">pkg:gem/net-imap@0.2.2</td><td data-sort-value="98.0">CRITICAL</td><td>40</td><td data-sort-value="3">Low</td><td>14</td></tr><tr class=" vulnerable"><td data-sort-value="NET-POP:0.1.1"><a href="#l59_f8593df17df8b81920650b2d166ded2b430b1f7b">net-pop:0.1.1</a></td><td data-sort-value="cpe:2.3:a:ruby-lang:ruby:0.1.1:*:*:*:*:*:*:*cpe:2.3:a:yukihiro_matsumoto:ruby:0.1.1:*:*:*:*:*:*:*">cpe:2.3:a:ruby-lang:ruby:0.1.1:*:*:*:*:*:*:*<br/>cpe:2.3:a:yukihiro_matsumoto:ruby:0.1.1:*:*:*:*:*:*:*</td><td data-sort-value="pkg:gem/net-pop@0.1.1">pkg:gem/net-pop@0.1.1</td><td data-sort-value="98.0">CRITICAL</td><td>40</td><td data-sort-value="3">Low</td><td>14</td></tr><tr class=" vulnerable"><td data-sort-value="NET-SMTP:0.3.1"><a href="#l60_1f25834284fd7c099534e6dd4c1ba9e3060eb3ac">net-smtp:0.3.1</a></td><td data-sort-value="cpe:2.3:a:ruby-lang:ruby:0.3.1:*:*:*:*:*:*:*cpe:2.3:a:yukihiro_matsumoto:ruby:0.3.1:*:*:*:*:*:*:*">cpe:2.3:a:ruby-lang:ruby:0.3.1:*:*:*:*:*:*:*<br/>cpe:2.3:a:yukihiro_matsumoto:ruby:0.3.1:*:*:*:*:*:*:*</td><td data-sort-value="pkg:gem/net-smtp@0.3.1">pkg:gem/net-smtp@0.3.1</td><td data-sort-value="98.0">CRITICAL</td><td>40</td><td data-sort-value="3">Low</td><td>14</td></tr><tr class="notvulnerable"><td data-sort-value="POWER_ASSERT:2.0.1"><a href="#l61_db412cd2da49f007c86a6e24a0d46671c964db6e">power_assert:2.0.1</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/power_assert@2.0.1">pkg:gem/power_assert@2.0.1</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>14</td></tr><tr class="notvulnerable"><td data-sort-value="PRIME:0.1.2"><a href="#l62_d1eff54409e0ca436ee574a3c3802e13fefcbef9">prime:0.1.2</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/prime@0.1.2">pkg:gem/prime@0.1.2</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>14</td></tr><tr class="notvulnerable"><td data-sort-value="RAKE:13.0.6"><a href="#l63_82f74db918159211ce77f3f42a4eba59bdf89caf">rake:13.0.6</a></td><td data-sort-value="cpe:2.3:a:ruby-lang:rake:13.0.6:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aruby-lang&cpe_product=cpe%3A%2F%3Aruby-lang%3Arake&cpe_version=cpe%3A%2F%3Aruby-lang%3Arake%3A13.0.6" target="_blank">cpe:2.3:a:ruby-lang:rake:13.0.6:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:gem/rake@13.0.6">pkg:gem/rake@13.0.6</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>11</td></tr><tr class="notvulnerable"><td data-sort-value="REXML:3.2.5"><a href="#l64_d0714e62262794495b53e4b0cf33b01590e9634a">rexml:3.2.5</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/rexml@3.2.5">pkg:gem/rexml@3.2.5</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>11</td></tr><tr class="notvulnerable"><td data-sort-value="RSS:0.2.9"><a href="#l65_5c5314cd0b7c16c1a323f4d29fe8d5b968cd0463">rss:0.2.9</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/rss@0.2.9">pkg:gem/rss@0.2.9</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>14</td></tr><tr class="notvulnerable"><td data-sort-value="TEST-UNIT:3.5.3"><a href="#l66_83523720f20ed96f42a3fe270c8939d53e1fe008">test-unit:3.5.3</a></td><td data-sort-value=""></td><td data-sort-value="pkg:gem/test-unit@3.5.3">pkg:gem/test-unit@3.5.3</td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>11</td></tr><tr class=" vulnerable"><td data-sort-value="YAML:0.2.0"><a href="#l67_4cbbaee4dab358b85daf506d4affbb4f5a1448bd">yaml:0.2.0</a></td><td data-sort-value="cpe:2.3:a:ruby-ffi_project:ruby-ffi:0.2.0:*:*:*:*:*:*:*cpe:2.3:a:ruby-lang:cgi:0.2.0:*:*:*:*:ruby:*:*cpe:2.3:a:ruby-lang:openssl:0.2.0:*:*:*:*:*:*:*cpe:2.3:a:ruby-lang:rake:0.2.0:*:*:*:*:*:*:*cpe:2.3:a:ruby-lang:rdoc:0.2.0:*:*:*:*:*:*:*cpe:2.3:a:ruby-lang:ruby:0.2.0:*:*:*:*:*:*:*">cpe:2.3:a:ruby-ffi_project:ruby-ffi:0.2.0:*:*:*:*:*:*:*<br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aruby-lang&cpe_product=cpe%3A%2F%3Aruby-lang%3Acgi&cpe_version=cpe%3A%2F%3Aruby-lang%3Acgi%3A0.2.0" target="_blank">cpe:2.3:a:ruby-lang:cgi:0.2.0:*:*:*:*:ruby:*:*</a><br/>cpe:2.3:a:ruby-lang:openssl:0.2.0:*:*:*:*:*:*:*<br/>cpe:2.3:a:ruby-lang:rake:0.2.0:*:*:*:*:*:*:*<br/>cpe:2.3:a:ruby-lang:rdoc:0.2.0:*:*:*:*:*:*:*<br/>cpe:2.3:a:ruby-lang:ruby:0.2.0:*:*:*:*:*:*:*</td><td data-sort-value="pkg:gem/yaml@0.2.0">pkg:gem/yaml@0.2.0</td><td data-sort-value="98.0">CRITICAL</td><td>45</td><td data-sort-value="0">Highest</td><td>453</td></tr></table><h2>Dependencies</h2> <h3 class="subsectionheader standardsubsection notvulnerable"><a name="l1_ad69c29a9ba739e6f0cff36366352e002ad515b0"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jffi:1.3.10)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Java Foreign Function Interface</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jffi/pom.xml<br/><b>MD5:</b> 538df8b2b75870c36805a233849e61f1<br/><b>SHA1:</b> ad69c29a9ba739e6f0cff36366352e002ad515b0<br/><b>SHA256:</b>3e53aba32eaccc85caa23071ffc1a9475f18def722689148a2970e10156411b8</p><h4 id="header1" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content1" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jffi</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jffi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jffi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jffi</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.3.10</td><td>Highest</td></tr></table></div><h4 id="header2" class="subsectionheader white">Identifiers</h4><div id="content2" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jffi@1.3.10 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l2_17a5a92b79393a59e19ba38e1bdf8252a660e359"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-a64asm:1.0.0)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A pure-java A64 assembler</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-a64asm/pom.xml<br/><b>MD5:</b> 49cf6d2169962d46d987325c15c3ca65<br/><b>SHA1:</b> 17a5a92b79393a59e19ba38e1bdf8252a660e359<br/><b>SHA256:</b>9dd9c299ca3ec9287db2ec26571a5cc611dc21a1a4f5d2ef1255a924face47a8</p><h4 id="header3" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content3" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-a64asm</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>ossdev@puresoftware.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>ossdev</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>ossdev</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-a64asm</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-a64asm</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>ossdev@puresoftware.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>ossdev</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>ossdev</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-a64asm</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.0.0</td><td>Highest</td></tr></table></div><h4 id="header4" class="subsectionheader white">Identifiers</h4><div id="content4" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-a64asm@1.0.0 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l3_7f1b4d9764ee6aa6c1a7b6e72a9cb7c780b27555"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-constants:0.10.4)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A set of platform constants (e.g. errno values)</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-constants/pom.xml<br/><b>MD5:</b> 82e0fd82b9e99de324449c472989c765<br/><b>SHA1:</b> 7f1b4d9764ee6aa6c1a7b6e72a9cb7c780b27555<br/><b>SHA256:</b>e2fb974cad142b021e700a50cd7a4e908f02e4f3b356cc0abbe93d8ab49774b5</p><h4 id="header5" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content5" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-constants</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-constants</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-constants</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-constants</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-constants</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-constants</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.10.4</td><td>Highest</td></tr></table></div><h4 id="header6" class="subsectionheader white">Identifiers</h4><div id="content6" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-constants@0.10.4 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l4_8c1fd848724534f7c129860ce817749a939a583f"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-enxio:0.32.14)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Native I/O access for java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-enxio/pom.xml<br/><b>MD5:</b> 1fc80e97e28f59c8c67a4f5793e34cdc<br/><b>SHA1:</b> 8c1fd848724534f7c129860ce817749a939a583f<br/><b>SHA256:</b>b33e950f00a367ac989e029b39cfc5063639c41570752b6654c52ff9e83917aa</p><h4 id="header7" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content7" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-enxio</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-enxio</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-enxio</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-enxio</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-enxio</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-enxio</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.32.14</td><td>Highest</td></tr></table></div><h4 id="header8" class="subsectionheader white">Identifiers</h4><div id="content8" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-enxio@0.32.14 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l5_921a9ca28d8aa484222d2584d96b0588d35b8fb8"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-ffi:2.2.13)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A library for invoking native functions from java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-ffi/pom.xml<br/><b>MD5:</b> d70aacb251fe495ad5fd41f9d71fe48f<br/><b>SHA1:</b> 921a9ca28d8aa484222d2584d96b0588d35b8fb8<br/><b>SHA256:</b>d8b8107bd75b2e6a7f220a3f87ecc85802ed4963d30dabc6dcbc0a741f79c7ad</p><h4 id="header9" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content9" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-ffi</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-ffi</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-ffi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-ffi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-ffi</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-ffi</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.2.13</td><td>Highest</td></tr></table></div><h4 id="header10" class="subsectionheader white">Identifiers</h4><div id="content10" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-ffi@2.2.13 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l6_3a6045d944a9b4720156cd533ca1cbd1f22bc4b5"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-netdb:1.2.0)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Lookup TCP and UDP services from java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-netdb/pom.xml<br/><b>MD5:</b> 5f7adefaf9448cf27718e23106a879f9<br/><b>SHA1:</b> 3a6045d944a9b4720156cd533ca1cbd1f22bc4b5<br/><b>SHA256:</b>44e976a6bf822ff20321b19940387b90a8ade8aaeeacbeecb55171cf2d40f1e7</p><h4 id="header11" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content11" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-netdb</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-netdb</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-netdb</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-netdb</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-netdb</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-netdb</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.2.0</td><td>Highest</td></tr></table></div><h4 id="header12" class="subsectionheader white">Identifiers</h4><div id="content12" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-netdb@1.2.0 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l7_6f2668db6c9f555fe21001ffcf5362f277b563ff"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-posix:3.1.16)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre> | |
Common cross-project/cross-platform POSIX APIs | |
</pre></p><p><b>License:</b><pre class="indent">Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/ | |
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html | |
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-posix/pom.xml<br/><b>MD5:</b> fd38ddfd513ebbf901597fe101488bb2<br/><b>SHA1:</b> 6f2668db6c9f555fe21001ffcf5362f277b563ff<br/><b>SHA256:</b>9dc198502c520bdb1a4b57a988bf3e4a55eb5ff9bcc2b1ac9591169766373193</p><h4 id="header13" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content13" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-posix</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>tom.enebo@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>enebo</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Thomas E Enebo</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-posix</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-posix</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>tom.enebo@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>enebo</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Thomas E Enebo</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-posix</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.1.16</td><td>Highest</td></tr></table></div><h4 id="header14" class="subsectionheader white">Identifiers</h4><div id="content14" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-posix@3.1.16 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l8_4b51870268677335b2ebf31549b66d0dc8657fbd"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-unixsocket:0.38.19)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>UNIX socket channels for java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-unixsocket/pom.xml<br/><b>MD5:</b> c041381cb8946a21ecbe7a9a5c455d39<br/><b>SHA1:</b> 4b51870268677335b2ebf31549b66d0dc8657fbd<br/><b>SHA256:</b>0f418d7204fa7a2fcb03a3896e1b62d7162d76cafc5c61e4edde491abeeedd90</p><h4 id="header15" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content15" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-unixsocket</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>fritz-github@fritz-elfert.de</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>felfert</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Fritz Elfert</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-unixsocket</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-unixsocket</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-unixsocket</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>fritz-github@fritz-elfert.de</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>felfert</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Fritz Elfert</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-unixsocket</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-unixsocket</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.38.19</td><td>Highest</td></tr></table></div><h4 id="header16" class="subsectionheader white">Identifiers</h4><div id="content16" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-unixsocket@0.38.19 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l9_91de5c25955d1f321832738dce614b45e9939050"></a>jruby-complete-9.4.0.0.jar (shaded: com.github.jnr:jnr-x86asm:1.0.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A pure-java X86 and X86_64 assembler</pre></p><p><b>License:</b><pre class="indent">MIT License: http://www.opensource.org/licenses/mit-license.php</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.github.jnr/jnr-x86asm/pom.xml<br/><b>MD5:</b> cb16b0b890c8b7a726a547ca0b58d00a<br/><b>SHA1:</b> 91de5c25955d1f321832738dce614b45e9939050<br/><b>SHA256:</b>ea862ce3bd96ccb8ca36b8e9e7baef2da3fbbfbdc256baeaa8c8a873911074e7</p><h4 id="header17" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content17" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jnr-x86asm</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jnr-x86asm</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-x86asm</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jnr-x86asm</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>wmeissner@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>wmeissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Wayne Meissner</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.github.jnr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jnr-x86asm</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/jnr/jnr-x86asm</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.0.2</td><td>Highest</td></tr></table></div><h4 id="header18" class="subsectionheader white">Identifiers</h4><div id="content18" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.github.jnr/jnr-x86asm@1.0.2 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l10_c0b388a50a3030e56089ada5154366529a5da213"></a>jruby-complete-9.4.0.0.jar (shaded: com.headius:backport9:1.12)</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.headius/backport9/pom.xml<br/><b>MD5:</b> 1af02442211713e3e00a1b7f8bf7a92e<br/><b>SHA1:</b> c0b388a50a3030e56089ada5154366529a5da213<br/><b>SHA256:</b>861b04ed538064ff8053aa619cdd407a7d290e7623be8d38719fa7633dd96f5a</p><h4 id="header19" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content19" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>backport9</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>backport9</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.12</td><td>Highest</td></tr></table></div><h4 id="header20" class="subsectionheader white">Identifiers</h4><div id="content20" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.headius/backport9@1.12 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l11_a6c6a3452366292f645d1f80612a984367f5ec13"></a>jruby-complete-9.4.0.0.jar (shaded: com.headius:invokebinder:1.12)</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.headius/invokebinder/pom.xml<br/><b>MD5:</b> d1ba5bea2e98d321d3bc7f7bc6c512ff<br/><b>SHA1:</b> a6c6a3452366292f645d1f80612a984367f5ec13<br/><b>SHA256:</b>0fd6ec9c1ab88504895a8a88d4a1a538a04be59bc5a889d610bf4035224653b5</p><h4 id="header21" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content21" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>invokebinder</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>invokebinder</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://maven.apache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>invokebinder</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>invokebinder</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://maven.apache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.12</td><td>Highest</td></tr></table></div><h4 id="header22" class="subsectionheader white">Identifiers</h4><div id="content22" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.headius/invokebinder@1.12 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l12_78e835c2bb1a934075961f2954452a0871b931be"></a>jruby-complete-9.4.0.0.jar (shaded: com.headius:options:1.6)</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.headius/options/pom.xml<br/><b>MD5:</b> ab8aa85f5cc1c1d0ff704b1dc3837e2a<br/><b>SHA1:</b> 78e835c2bb1a934075961f2954452a0871b931be<br/><b>SHA256:</b>b5597f285a7c770acb92cef914788c613c7beaf79eace8a9f56d7f5026a5817e</p><h4 id="header23" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content23" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>options</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>options</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>headius/options</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>options</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.headius</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>options</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>headius/options</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.6</td><td>Highest</td></tr></table></div><h4 id="header24" class="subsectionheader white">Identifiers</h4><div id="content24" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.headius/options@1.6 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l13_6e6789004c70477a6e2ea92c066b757534e63a10"></a>jruby-complete-9.4.0.0.jar (shaded: com.jcraft:jzlib:1.1.3)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>JZlib is a re-implementation of zlib in pure Java</pre></p><p><b>License:</b><pre class="indent">BSD: http://www.jcraft.com/jzlib/LICENSE.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/com.jcraft/jzlib/pom.xml<br/><b>MD5:</b> 856f139610c4e36c1b0bdb5ad007c2a5<br/><b>SHA1:</b> 6e6789004c70477a6e2ea92c066b757534e63a10<br/><b>SHA256:</b>edb67251608556ad9584d00e46b5ef38ecf1246d571c0f80f24f50b285a9f682</p><h4 id="header25" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content25" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jzlib</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>ymnk at jcraft D0t com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>ymnk</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Atsuhiko Yamanaka</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer org</td><td>JCraft,Inc.</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer org URL</td><td>http://www.jcraft.com/</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>com.jcraft</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JZlib</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>jcraft</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.jcraft.com/</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.jcraft.com/jzlib/</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jzlib</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>ymnk at jcraft D0t com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>ymnk</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Atsuhiko Yamanaka</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer org</td><td>JCraft,Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer org URL</td><td>http://www.jcraft.com/</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>com.jcraft</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JZlib</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>jcraft</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.jcraft.com/</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.jcraft.com/jzlib/</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.1.3</td><td>Highest</td></tr></table></div><h4 id="header26" class="subsectionheader white">Identifiers</h4><div id="content26" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/com.jcraft/jzlib@1.1.3 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajcraft&cpe_product=cpe%3A%2F%3Ajcraft%3Ajzlib&cpe_version=cpe%3A%2F%3Ajcraft%3Ajzlib%3A1.1.3" target="_blank">cpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: com.jcraft:jzlib:1.1.3)" data-sha1="6e6789004c70477a6e2ea92c066b757534e63a10" data-pkgurl="pkg:maven/com.jcraft/jzlib@1.1.3" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jcraft:jzlib">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l14_d6b3422231b9c976bc409b906f114fa0697b280c"></a>jruby-complete-9.4.0.0.jar (shaded: joda-time:joda-time:2.10.10)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Date and time library to replace JDK date handling</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/joda-time/joda-time/pom.xml<br/><b>MD5:</b> ef13c82390e8506f05364178a3300018<br/><b>SHA1:</b> d6b3422231b9c976bc409b906f114fa0697b280c<br/><b>SHA256:</b>9c62e83b103e38b10351603e246d7e54899d4a8f1d305176f5546dd3f8c55358</p><h4 id="header27" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content27" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>joda-time</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>broneill</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>jodastephen</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Brian S O'Neill</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Stephen Colebourne</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>joda-time</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Joda-Time</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Joda.org</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>https://www.joda.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://www.joda.org/joda-time/</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>joda-time</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>broneill</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>jodastephen</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Brian S O'Neill</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Stephen Colebourne</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>joda-time</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Joda-Time</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Joda.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>https://www.joda.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://www.joda.org/joda-time/</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.10.10</td><td>Highest</td></tr></table></div><h4 id="header28" class="subsectionheader white">Identifiers</h4><div id="content28" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/joda-time/joda-time@2.10.10 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Atime_project&cpe_product=cpe%3A%2F%3Atime_project%3Atime&cpe_version=cpe%3A%2F%3Atime_project%3Atime%3A2.10.10" target="_blank">cpe:2.3:a:time_project:time:2.10.10:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: joda-time:joda-time:2.10.10)" data-sha1="d6b3422231b9c976bc409b906f114fa0697b280c" data-pkgurl="pkg:maven/joda-time/joda-time@2.10.10" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:time_project:time">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l15_63a1b1c6c7ac7c29e8d7a065a9c2649058455749"></a>jruby-complete-9.4.0.0.jar (shaded: me.qmx.jitescript:jitescript:0.4.1)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Java API for Bytecode</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/me.qmx.jitescript/jitescript/pom.xml<br/><b>MD5:</b> a8244f2c8843244d8934742315b47154<br/><b>SHA1:</b> 63a1b1c6c7ac7c29e8d7a065a9c2649058455749<br/><b>SHA256:</b>4001176ebaedccf43616c92dad87d0d305b54000cfae4e999675e8acb35735f6</p><h4 id="header29" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content29" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jitescript</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>qmx@qmx.me</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>qmx</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Douglas Campos</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>me.qmx.jitescript</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jitescript</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>qmx/jitescript</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jitescript</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>qmx@qmx.me</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>qmx</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Douglas Campos</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>me.qmx.jitescript</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jitescript</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>qmx/jitescript</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.4.1</td><td>Highest</td></tr></table></div><h4 id="header30" class="subsectionheader white">Identifiers</h4><div id="content30" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/me.qmx.jitescript/jitescript@0.4.1 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l16_b017398f93b3cc006a598e045ce2bd5a706ee3d4"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby.jcodings:jcodings:1.0.58)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Byte based encoding support library for java</pre></p><p><b>License:</b><pre class="indent">MIT License: http://www.opensource.org/licenses/mit-license.php</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby.jcodings/jcodings/pom.xml<br/><b>MD5:</b> 3c534059143675199e2a287fd1f999b1<br/><b>SHA1:</b> b017398f93b3cc006a598e045ce2bd5a706ee3d4<br/><b>SHA256:</b>9b3026d81f7dfa03503dcb83e9ecb35db33ee48fa2f46912fc798ef206256468</p><h4 id="header31" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content31" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jcodings</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>lopx@gazeta.pl</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>headius</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>lopex</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Marcin Mielzynski</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby.jcodings</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JCodings</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jcodings</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>headius@headius.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>lopx@gazeta.pl</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>headius</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>lopex</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Charles Oliver Nutter</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Marcin Mielzynski</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby.jcodings</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JCodings</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.0.58</td><td>Highest</td></tr></table></div><h4 id="header32" class="subsectionheader white">Identifiers</h4><div id="content32" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby.jcodings/jcodings@1.0.58 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l17_7185b2492b4a79fb5bbf624fec0610fe4abf4aa0"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby.joni:joni:2.1.44)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre> | |
Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma | |
that uses byte arrays directly instead of java Strings and chars | |
</pre></p><p><b>License:</b><pre class="indent">MIT License: http://www.opensource.org/licenses/mit-license.php</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby.joni/joni/pom.xml<br/><b>MD5:</b> 2f6ee0c4603f950b5b9a90e70aa371a5<br/><b>SHA1:</b> 7185b2492b4a79fb5bbf624fec0610fe4abf4aa0<br/><b>SHA256:</b>83735d82abd1887a65e78c7a47ac1c3804f88f43b92f513fc5af4d1ced7cde0e</p><h4 id="header33" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content33" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>joni</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>lopx@gazeta.pl</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>lopex</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Marcin Mielzynski</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby.joni</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Joni</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>joni</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>lopx@gazeta.pl</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>lopex</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Marcin Mielzynski</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby.joni</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Joni</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.44</td><td>Highest</td></tr></table></div><h4 id="header34" class="subsectionheader white">Identifiers</h4><div id="content34" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby.joni/joni@2.1.44 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l18_91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby:dirgra:0.3)</h3><div class="subsectioncontent"><p><b>Description:</b><pre>Simple Directed Graph</pre></p><p><b>License:</b><pre class="indent">EPL: http://www.eclipse.org/legal/epl-v10.html</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby/dirgra/pom.xml<br/><b>MD5:</b> 4d7f76247a22e56064ab9db464794cd4<br/><b>SHA1:</b> 91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2<br/><b>SHA256:</b>d0f49f7eaf14307bc8ce44b14fe999c1330e029043f6e8a125b5a9f7ed1c417a</p><h4 id="header35" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content35" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>dirgra</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>tom.enebo@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>enebo</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Thomas E. Enebo</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Dirgra</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>jruby/dirgra</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>dirgra</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>tom.enebo@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>enebo</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Thomas E. Enebo</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Dirgra</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>jruby/dirgra</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.3</td><td>Highest</td></tr></table></div><h4 id="header36" class="subsectionheader white">Identifiers</h4><div id="content36" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby/dirgra@0.3 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A0.3" target="_blank">cpe:2.3:a:jruby:jruby:0.3:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:dirgra:0.3)" data-sha1="91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2" data-pkgurl="pkg:maven/org.jruby/dirgra@0.3" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div><h4 id="header37" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content37" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4838">CVE-2011-4838</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:dirgra:0.3)" data-sha1="91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2" data-pkgurl="pkg:maven/org.jruby/dirgra@0.3" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4838">suppress</button></p><p><pre>JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</pre>CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html">20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/903934">VU#903934</a></li><li>CONFIRM - <a target="_blank" href="http://jruby.org/2011/12/27/jruby-1-6-5-1.html">http://jruby.org/2011/12/27/jruby-1-6-5-1.html</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-201207-06.xml">GLSA-201207-06</a></li><li>MISC - <a target="_blank" href="http://www.nruns.com/_downloads/advisory28122011.pdf">http://www.nruns.com/_downloads/advisory28122011.pdf</a></li><li>MISC - <a target="_blank" href="http://www.ocert.org/advisories/ocert-2011-003.html">http://www.ocert.org/advisories/ocert-2011-003.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1232.html">RHSA-2012:1232</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/47407">47407</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/50084">50084</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72019">jruby-hash-dos(72019)</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs1"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.5.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1330">CVE-2010-1330</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:dirgra:0.3)" data-sha1="91c78b3f134c5b1f04d3a6447d246cf0a0d9a8e2" data-pkgurl="pkg:maven/org.jruby/dirgra@0.3" data-type-to-suppress="cve" data-id-to-suppress="CVE-2010-1330">suppress</button></p><p><pre>The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html">http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html</a></li><li>MISC - <a target="_blank" href="https://bugs.gentoo.org/show_bug.cgi?id=317435">https://bugs.gentoo.org/show_bug.cgi?id=317435</a></li><li>MISC - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=750306">https://bugzilla.redhat.com/show_bug.cgi?id=750306</a></li><li>OSVDB - <a target="_blank" href="http://www.osvdb.org/77297">77297</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2011-1456.html">RHSA-2011:1456</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/46891">46891</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/80277">jruby-expression-engine-xss(80277)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs2">show all</a>)<ul><li class="vs2"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs2">...</li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.0">cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.1">cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.2">cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.8">cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.9">cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0">cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc1">cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc2">cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc3">cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.1">cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.2">cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.3">cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1">cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Abeta1">cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc1">cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc2">cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc3">cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.1">cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.2">cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.3">cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.4">cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.5">cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6">cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6%3Arc1">cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0">cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc1">cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc2">cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0">cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc1">cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc2">cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.1">cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc1">cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc2">cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc3">cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l19_6eb4dded03e5279d795ad1f6bfe726a82dc27915"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-base:9.4.0.0)</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby/jruby-base/pom.xml<br/><b>MD5:</b> ecab74d79549e8bb5f3dfe5229cf742a<br/><b>SHA1:</b> 6eb4dded03e5279d795ad1f6bfe726a82dc27915<br/><b>SHA256:</b>ea0cb82a1f69b4ca7e2a5193464d8c1e56263c7bc254d25746ccb26a9257a457</p><h4 id="header38" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content38" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-base</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby Base</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-base</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby Base</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.4.0.0</td><td>Highest</td></tr></table></div><h4 id="header39" class="subsectionheader white">Identifiers</h4><div id="content39" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby/jruby-base@9.4.0.0 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-base:9.4.0.0)" data-sha1="6eb4dded03e5279d795ad1f6bfe726a82dc27915" data-pkgurl="pkg:maven/org.jruby/jruby-base@9.4.0.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l20_75e6ff592d2bb2efbe489581f6ed44553ac7bc1d"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-core:9.4.0.0)</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby/jruby-core/pom.xml<br/><b>MD5:</b> 0f8210f029db9962430e9cebde102505<br/><b>SHA1:</b> 75e6ff592d2bb2efbe489581f6ed44553ac7bc1d<br/><b>SHA256:</b>89217f29bc49c6c494fb16d5341fe01ef4f41f15d9bc010b1846217c67cbc18e</p><h4 id="header40" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content40" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-core</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby Core</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby Core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.4.0.0</td><td>Highest</td></tr></table></div><h4 id="header41" class="subsectionheader white">Identifiers</h4><div id="content41" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby/jruby-core@9.4.0.0 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-core:9.4.0.0)" data-sha1="75e6ff592d2bb2efbe489581f6ed44553ac7bc1d" data-pkgurl="pkg:maven/org.jruby/jruby-core@9.4.0.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l21_e617db8785e1bf7596d91bbe4c938ad998372723"></a>jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-stdlib:9.4.0.0)</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/maven/org.jruby/jruby-stdlib/pom.xml<br/><b>MD5:</b> 90d2e9c4577f1d6e28efad7276a3fac0<br/><b>SHA1:</b> e617db8785e1bf7596d91bbe4c938ad998372723<br/><b>SHA256:</b>77bcb2c45647f9b58e4ce5eaaa11140c18ad369eb9e64c22d9ccb5a6bbf6ecff</p><h4 id="header42" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content42" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-stdlib</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby Lib Setup</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-stdlib</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby Lib Setup</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jruby-parent</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.4.0.0</td><td>Highest</td></tr></table></div><h4 id="header43" class="subsectionheader white">Identifiers</h4><div id="content43" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby/jruby-stdlib@9.4.0.0 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar (shaded: org.jruby:jruby-stdlib:9.4.0.0)" data-sha1="e617db8785e1bf7596d91bbe4c938ad998372723" data-pkgurl="pkg:maven/org.jruby/jruby-stdlib@9.4.0.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l22_1d915bd287a262b14c449a2cd2382ac4f103cd85"></a>jruby-complete-9.4.0.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>JRuby 9.4.0.0 OSGi bundle</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.gnu.org/licenses/gpl-2.0-standalone.html, http://www.gnu.org/licenses/lgpl-2.1-standalone.html, http://www.eclipse.org/legal/epl-v20.html">http://www.gnu.org/licenses/gpl-2.0-standalone.html, http://www.gnu.org/licenses/lgpl-2.1-standalone.html, http://www.eclipse.org/legal/epl-v20.html</a></pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar<br/><b>MD5:</b> e0a1c0df7ee9fe1f1d295ce82cdb973b<br/><b>SHA1:</b> 1d915bd287a262b14c449a2cd2382ac4f103cd85<br/><b>SHA256:</b>e6817cf528976a50a054910f006ee34df07c4580c8a2a4c8c8d61cda0238a108</p><h4 id="header44" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content44" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jruby-complete</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.jruby.complete</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://www.jruby.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jruby.jruby</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>embed-transitive</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-complete</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby Complete</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jruby-artifacts</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jruby-complete</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>filter</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jruby</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>osgi</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.jruby.complete</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://www.jruby.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>JRuby 9.4.0.0</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jruby.jruby</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>embed-transitive</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-complete</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby Complete</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jruby-artifacts</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>9.4.0.0</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>9.4.0.0</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.4.0.0</td><td>Highest</td></tr></table></div><h4 id="header45" class="subsectionheader white">Identifiers</h4><div id="content45" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.jruby/jruby-complete@9.4.0.0 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A9.4.0.0" target="_blank">cpe:2.3:a:jruby:jruby:9.4.0.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar" data-sha1="1d915bd287a262b14c449a2cd2382ac4f103cd85" data-pkgurl="pkg:maven/org.jruby/jruby-complete@9.4.0.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l23_211bcae48a96c688ca215394d631eec2b874fff1"></a>jruby-complete-9.4.0.0.jar: bcpkix-jdk18on-1.71.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar<br/><b>MD5:</b> bf38adbe16ac8db811c86aacb81a561e<br/><b>SHA1:</b> 211bcae48a96c688ca215394d631eec2b874fff1<br/><b>SHA256:</b>4bd35767ba9228d63c2f293ba1cc71dae788370b5e036359c8e8174996854e3c</p><h4 id="header46" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content46" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>bcpkix-jdk18on</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>pkix</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle PKIX API</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.pkix</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcpkix</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcpkix</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>BouncyCastle.org</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.bouncycastle</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>BouncyCastle.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>bcpkix-jdk18on</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>pkix</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle PKIX API</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.pkix</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>bcpkix</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcpkix</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcpkix</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>name</td><td>bcpkix-jdk18on</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.71.00.0</td><td>High</td></tr></table></div><h4 id="header47" class="subsectionheader white">Identifiers</h4><div id="content47" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l24_943e8d0c2bd592ad78759c39d6f749fafaf29cf4"></a>jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar<br/><b>MD5:</b> bf1578f78f5db468a5f21ee8f8e42b0d<br/><b>SHA1:</b> 943e8d0c2bd592ad78759c39d6f749fafaf29cf4<br/><b>SHA256:</b>f3433a97d780fe9fa3dc3d562a41decd59b2e617ce884de9060349ac14750045</p><h4 id="header48" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content48" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>bcprov-jdk18on</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>provider</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle Provider</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.provider</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcprov</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcprovider</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>BouncyCastle.org</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.bouncycastle</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>BouncyCastle.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>bcprov-jdk18on</td><td>High</td></tr><tr><td>Product</td><td>hint analyzer</td><td>product</td><td>legion-of-the-bouncy-castle-java-crytography-api</td><td>High</td></tr><tr><td>Product</td><td>hint analyzer</td><td>product</td><td>the_bouncy_castle_crypto_package_for_java</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>provider</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle Provider</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.provider</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>bcprov</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcprov</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcprovider</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.71.0</td><td>High</td></tr></table></div><h4 id="header49" class="subsectionheader white">Identifiers</h4><div id="content49" class="subsectioncontent standardsubsection"><ul><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Abouncy-castle-crypto-package&cpe_version=cpe%3A%2F%3Abouncycastle%3Abouncy-castle-crypto-package%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.71:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar" data-sha1="943e8d0c2bd592ad78759c39d6f749fafaf29cf4" data-pkgurl="" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:bouncycastle:bouncy-castle-crypto-package">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Abouncy_castle_crypto_package&cpe_version=cpe%3A%2F%3Abouncycastle%3Abouncy_castle_crypto_package%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.71:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar" data-sha1="943e8d0c2bd592ad78759c39d6f749fafaf29cf4" data-pkgurl="" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:bouncycastle:bouncy_castle_crypto_package">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle&cpe_version=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.71:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar" data-sha1="943e8d0c2bd592ad78759c39d6f749fafaf29cf4" data-pkgurl="" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:bouncycastle:legion-of-the-bouncy-castle">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle-java-crytography-api&cpe_version=cpe%3A%2F%3Abouncycastle%3Alegion-of-the-bouncy-castle-java-crytography-api%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.71:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar" data-sha1="943e8d0c2bd592ad78759c39d6f749fafaf29cf4" data-pkgurl="" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Abouncycastle&cpe_product=cpe%3A%2F%3Abouncycastle%3Athe_bouncy_castle_crypto_package_for_java&cpe_version=cpe%3A%2F%3Abouncycastle%3Athe_bouncy_castle_crypto_package_for_java%3A1.71" target="_blank">cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.71:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: bcprov-jdk18on-1.71.jar" data-sha1="943e8d0c2bd592ad78759c39d6f749fafaf29cf4" data-pkgurl="" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:bouncycastle:the_bouncy_castle_crypto_package_for_java">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l25_6a2d887b25de4db3531ff77df39dcdd32787e585"></a>jruby-complete-9.4.0.0.jar: bctls-jdk18on-1.71.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar<br/><b>MD5:</b> 65f432d6f929d6d52672528b3290858b<br/><b>SHA1:</b> 6a2d887b25de4db3531ff77df39dcdd32787e585<br/><b>SHA256:</b>4881ba9e96a789c6f1d54124f89bbd508cbd53e9c80119dea023637cce4e3694</p><h4 id="header50" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content50" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>bctls-jdk18on</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>provider</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>tls</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle TLS API and Provider</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.tls</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>bctls</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bctls</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>BouncyCastle.org</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.bouncycastle</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>BouncyCastle.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>bctls-jdk18on</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>provider</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>tls</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle TLS API and Provider</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.tls</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>bctls</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>bctls</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bctls</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>name</td><td>bctls-jdk18on</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.71.00.0</td><td>High</td></tr></table></div><h4 id="header51" class="subsectionheader white">Identifiers</h4><div id="content51" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l26_57daa18bc93730eab46291d9b55a15480e013265"></a>jruby-complete-9.4.0.0.jar: bcutil-jdk18on-1.71.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar<br/><b>MD5:</b> 06dde1f2adc6f01803554c0162214202<br/><b>SHA1:</b> 57daa18bc93730eab46291d9b55a15480e013265<br/><b>SHA256:</b>ac75ae3fabf2cb81210b3648fbe36aaed8d8c453bbeaac40e3b5031c7677197a</p><h4 id="header52" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content52" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>bcutil-jdk18on</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>oer</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle Utility APIs</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.util</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcutil</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcutil</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>BouncyCastle.org</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.bouncycastle</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>BouncyCastle.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>bcutil-jdk18on</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bouncycastle</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>oer</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>application-library-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>application-name</td><td>Bouncy Castle Utility APIs</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.bouncycastle.util</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>bcutil</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>bcutil</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>caller-allowable-codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>codebase</td><td>*</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>org.bouncycastle.bcutil</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>25.312-b07 (Private Build)</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>permissions</td><td>all-permissions</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>trusted-library</td><td>true</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>name</td><td>bcutil-jdk18on</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.71</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.71.00.0</td><td>High</td></tr></table></div><h4 id="header53" class="subsectionheader white">Identifiers</h4><div id="content53" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l27_3db40231f23513637dc2d89300866bab97b9019f"></a>jruby-complete-9.4.0.0.jar: cparse-jruby.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/racc/cparse-jruby.jar<br/><b>MD5:</b> 906f9b27b030e736e50cbfa4caafa8d6<br/><b>SHA1:</b> 3db40231f23513637dc2d89300866bab97b9019f<br/><b>SHA256:</b>e93de9f53cd7c65cd531349fcd9c9db02ed66497d9c5f4738aec8c33675e030a</p><h4 id="header54" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content54" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>cparse-jruby</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>headius</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>racc</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>cparse-jruby</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>racc</td><td>Low</td></tr></table></div><h4 id="header55" class="subsectionheader white">Identifiers</h4><div id="content55" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l28_5de3c13a83ac02d213bacc7c5642673b7692f1c9"></a>jruby-complete-9.4.0.0.jar: darkfish.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/darkfish/js/darkfish.js<br/><b>MD5:</b> 14a006c8a8c126d3a032db6a6778a2d6<br/><b>SHA1:</b> 5de3c13a83ac02d213bacc7c5642673b7692f1c9<br/><b>SHA256:</b>00cb86c2c4b1d8d18f1971ca0b2cd7eb5ecad12a68db6c78d575e053a853ce39</p><h4 id="header56" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content56" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header57" class="subsectionheader white">Identifiers</h4><div id="content57" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l29_ec9fc8554da4b74cba72c8074d4dd42db3e3b734"></a>jruby-complete-9.4.0.0.jar: digest.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/digest.jar<br/><b>MD5:</b> 6b41cf703fa8e6eab59603d967ef62f8<br/><b>SHA1:</b> ec9fc8554da4b74cba72c8074d4dd42db3e3b734<br/><b>SHA256:</b>a764ee8dd12fd6fcb70da803ba7daa63a10290646c05b952aa0f8339536a77f3</p><h4 id="header58" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content58" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>digest</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>digest</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>digest</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>digest</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr></table></div><h4 id="header59" class="subsectionheader white">Identifiers</h4><div id="content59" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l30_19179a67dc685dca54bf47693a6b5f2ba39611ca"></a>jruby-complete-9.4.0.0.jar: escape.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/cgi/escape.jar<br/><b>MD5:</b> c2d3711400d206fd186d6528d7411622<br/><b>SHA1:</b> 19179a67dc685dca54bf47693a6b5f2ba39611ca<br/><b>SHA256:</b>6ac25fe505f45188d8c565a1a7f26759374249cb78aa204fc481bc8598f6b64e</p><h4 id="header60" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content60" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>escape</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>cgi</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>escape</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>cgi</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>escape</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr></table></div><h4 id="header61" class="subsectionheader white">Identifiers</h4><div id="content61" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l31_16dc3207f02d0a2f327535f305341f7f65240f90"></a>jruby-complete-9.4.0.0.jar: fileutils.gemspec</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Several file utility methods for copying, moving, removing, etc.</pre></p><p><b>License:</b><pre class="indent">BSD-2-Clause</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/fileutils/fileutils.gemspec<br/><b>MD5:</b> 788ee8362b466d97d5d82361e6876bf5<br/><b>SHA1:</b> 16dc3207f02d0a2f327535f305341f7f65240f90<br/><b>SHA256:</b>e5106c8ad4c687949f82b8a7e5e915018a829bc42f716d344d4992503998980d</p><h4 id="header62" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content62" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>fileutils</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Minero Aoki</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>nil</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/fileutils</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>BSD-2-Clause</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>name_project</td><td>fileutils_project</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>fileutils</td><td>High</td></tr><tr><td>Product</td><td>gemspec</td><td>name</td><td>fileutils</td><td>Highest</td></tr><tr><td>Product</td><td>gemspec</td><td>summary</td><td>Several file utility methods for copying, moving, removing, etc.</td><td>Low</td></tr></table></div><h4 id="header63" class="subsectionheader white">Identifiers</h4><div id="content63" class="subsectioncontent standardsubsection"><ul><li>pkg:gem/fileutils (<i>Confidence</i>:Highest)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l32_320251ec9ef0c596fdbfffb796f5cd103827b7ba"></a>jruby-complete-9.4.0.0.jar: generator.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/json/ext/generator.jar<br/><b>MD5:</b> 3283c0ddb83e531bc837f528f8a49b60<br/><b>SHA1:</b> 320251ec9ef0c596fdbfffb796f5cd103827b7ba<br/><b>SHA256:</b>dfc1f6d185878d54dd5baf20b017f6d7a26787bc4e687f384f5ee3053b3f7ff9</p><h4 id="header64" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content64" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>generator</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>json</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>generator</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr></table></div><h4 id="header65" class="subsectionheader white">Identifiers</h4><div id="content65" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l33_07d30c6407fefad8df4b6afc4d85f83e547975ca"></a>jruby-complete-9.4.0.0.jar: jffi-1.2.dll</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/jni/i386-Windows/jffi-1.2.dll<br/><b>MD5:</b> 841e60814ed6b2971a47b267aef1c58a<br/><b>SHA1:</b> 07d30c6407fefad8df4b6afc4d85f83e547975ca<br/><b>SHA256:</b>d63b0ec9a7cc75c26fa951928bf550c0e9a5e6c195a3de94a9c24995206bbfd2</p><h4 id="header66" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content66" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>name</td><td>jffi</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.2</td><td>High</td></tr></table></div><h4 id="header67" class="subsectionheader white">Identifiers</h4><div id="content67" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l34_5ca292116336ee4ceed00d10e756afea580e62cf"></a>jruby-complete-9.4.0.0.jar: jffi-1.2.dll</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/jni/x86_64-Windows/jffi-1.2.dll<br/><b>MD5:</b> 5d80b61c1f9e31860c17b3a410948e7e<br/><b>SHA1:</b> 5ca292116336ee4ceed00d10e756afea580e62cf<br/><b>SHA256:</b>58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef</p><h4 id="header68" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content68" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jffi</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>name</td><td>jffi</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.2</td><td>High</td></tr></table></div><h4 id="header69" class="subsectionheader white">Identifiers</h4><div id="content69" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l35_c3aeac59c022bdc497c8c48ed86fa50450e4896a"></a>jruby-complete-9.4.0.0.jar: jline-2.14.6.jar</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">The BSD License: http://www.opensource.org/licenses/bsd-license.php</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar<br/><b>MD5:</b> 480423551649bc6980b43f09e4717272<br/><b>SHA1:</b> c3aeac59c022bdc497c8c48ed86fa50450e4896a<br/><b>SHA256:</b>97d1acaac82409be42e622d7a54d3ae9d08517e8aefdea3d2ba9791150c2f02d</p><h4 id="header70" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content70" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jline</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jline</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>jline</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jline</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>gnodet@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>jason@planet57.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>mprudhom@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>gnodet</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>jdillon</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>mprudhom</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Guillaume Nodet</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Jason Dillon</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Marc Prud'hommeaux</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>jline</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JLine</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jline</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jline</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>JLine</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>jline</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jline</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>gnodet@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>jason@planet57.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>mprudhom@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>gnodet</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>jdillon</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>mprudhom</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Guillaume Nodet</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Jason Dillon</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Marc Prud'hommeaux</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>jline</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JLine</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.14.6</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.14.6</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.14.6</td><td>Highest</td></tr></table></div><h4 id="header71" class="subsectionheader white">Identifiers</h4><div id="content71" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/jline/jline@2.14.6 (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l36_f91fda2c7f9f485db21a50c05ff3a65c1fa20090"></a>jruby-complete-9.4.0.0.jar: jline-2.14.6.jar: jansi.dll</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar/META-INF/native/windows32/jansi.dll<br/><b>MD5:</b> 83fdcbb296f9732176748e443c7637a5<br/><b>SHA1:</b> f91fda2c7f9f485db21a50c05ff3a65c1fa20090<br/><b>SHA256:</b>7db0fdba01b93f8d45c8fa9ba949f424efb0361d6f8af5561d769378d8b3a1ac</p><h4 id="header72" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content72" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jansi</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jansi</td><td>High</td></tr></table></div><h4 id="header73" class="subsectionheader white">Identifiers</h4><div id="content73" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l37_8d96f40da8970ddd48af4517512a0fdd077c33da"></a>jruby-complete-9.4.0.0.jar: jline-2.14.6.jar: jansi.dll</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar/META-INF/native/windows64/jansi.dll<br/><b>MD5:</b> b009262ec2c7e84839af9729b752f14e<br/><b>SHA1:</b> 8d96f40da8970ddd48af4517512a0fdd077c33da<br/><b>SHA256:</b>daed7ea5b66bce3821742564af812b6f4e25939b3d273ed5a156ba7c92c452dc</p><h4 id="header74" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content74" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jansi</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jansi</td><td>High</td></tr></table></div><h4 id="header75" class="subsectionheader white">Identifiers</h4><div id="content75" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l38_feebc56dc27535e5d94fe99b4c1d46fbac3a68e9"></a>jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)</h3><div class="subsectioncontent"><p><b>Description:</b><pre>JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.</pre></p><p><b>License:</b><pre class="indent">EPL-1.0: http://opensource.org/licenses/EPL-1.0 | |
GPL-2.0: http://opensource.org/licenses/GPL-2.0 | |
LGPL-2.1: http://opensource.org/licenses/LGPL-2.1</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar/META-INF/maven/rubygems/jruby-openssl/pom.xml<br/><b>MD5:</b> d28f9d9f772eb62076cdf56f28e43a66<br/><b>SHA1:</b> feebc56dc27535e5d94fe99b4c1d46fbac3a68e9<br/><b>SHA256:</b>017e9e90699f8cab1bc9d1b199507079d536d2f114a4a1395822ed228e3caeeb</p><h4 id="header76" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content76" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-openssl</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>self+jruby-openssl@kares.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>JRuby contributors</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Karol Bucek</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Ola Bini</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>rubygems</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby OpenSSL</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>jruby/jruby-openssl</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-openssl</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>self+jruby-openssl@kares.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>JRuby contributors</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Karol Bucek</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Ola Bini</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>rubygems</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby OpenSSL</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>jruby/jruby-openssl</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.14.0</td><td>Highest</td></tr></table></div><h4 id="header77" class="subsectionheader white">Identifiers</h4><div id="content77" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/rubygems/jruby-openssl@0.14.0 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A0.14.0" target="_blank">cpe:2.3:a:jruby:jruby:0.14.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aopenssl&cpe_product=cpe%3A%2F%3Aopenssl%3Aopenssl&cpe_version=cpe%3A%2F%3Aopenssl%3Aopenssl%3A0.14.0" target="_blank">cpe:2.3:a:openssl:openssl:0.14.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:openssl:openssl">suppress</button></li></ul></div><h4 id="header78" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content78" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2108">CVE-2016-2108</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-2108">suppress</button></p><p><pre>The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.</pre>CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (10.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html">APPLE-SA-2016-07-18-1</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/89752">89752</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759</a></li><li>CONFIRM - <a target="_blank" href="http://source.android.com/security/bulletin/2016-07-01.html">http://source.android.com/security/bulletin/2016-07-01.html</a></li><li>CONFIRM - <a target="_blank" href="http://support.citrix.com/article/CTX212736">http://support.citrix.com/article/CTX212736</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html">http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa123">https://bto.bluecoat.com/security-advisory/sa123</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871">https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27">https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05149345">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05149345</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05164862">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05164862</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05386804">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05386804</a></li><li>CONFIRM - <a target="_blank" href="https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202">https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202</a></li><li>CONFIRM - <a target="_blank" href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr">https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20160504-0001/">https://security.netapp.com/advisory/ntap-20160504-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206903">https://support.apple.com/HT206903</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20160503.txt">https://www.openssl.org/news/secadv/20160503.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2016/dsa-3566">DSA-3566</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html">FEDORA-2016-05c567df1a</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html">FEDORA-2016-1411324654</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html">FEDORA-2016-1e39d934ed</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201612-16">GLSA-201612-16</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0722.html">RHSA-2016:0722</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0996.html">RHSA-2016:0996</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2016:1137">RHSA-2016:1137</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2056.html">RHSA-2016:2056</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2073.html">RHSA-2016:2073</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2957.html">RHSA-2016:2957</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:0193">RHSA-2017:0193</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:0194">RHSA-2017:0194</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1035721">1035721</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103">SSA:2016-124-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html">SUSE-SU-2016:1206</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html">SUSE-SU-2016:1228</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html">SUSE-SU-2016:1231</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html">SUSE-SU-2016:1233</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html">SUSE-SU-2016:1267</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html">SUSE-SU-2016:1290</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html">SUSE-SU-2016:1360</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html">openSUSE-SU-2016:1237</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html">openSUSE-SU-2016:1238</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html">openSUSE-SU-2016:1239</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html">openSUSE-SU-2016:1240</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html">openSUSE-SU-2016:1241</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html">openSUSE-SU-2016:1242</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html">openSUSE-SU-2016:1243</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html">openSUSE-SU-2016:1273</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2959-1">USN-2959-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs3">show all</a>)<ul><li class="vs3"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1n</a></li><li class="vs3">...</li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1n</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2">cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2a">cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2b">cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2176">CVE-2016-2176</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-2176">suppress</button></p><p><pre>The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.</pre>CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.4)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.2)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html">APPLE-SA-2016-07-18-1</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/89746">89746</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa123">https://bto.bluecoat.com/security-advisory/sa123</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561">https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us</a></li><li>CONFIRM - <a target="_blank" href="https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202">https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10160">https://kc.mcafee.com/corporate/index?page=content&id=SB10160</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20160504-0001/">https://security.netapp.com/advisory/ntap-20160504-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206903">https://support.apple.com/HT206903</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20160503.txt">https://www.openssl.org/news/secadv/20160503.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201612-16">GLSA-201612-16</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1035721">1035721</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103">SSA:2016-124-01</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs4">show all</a>)<ul><li class="vs4"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs4">...</li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2">cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2a">cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2b">cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2c">cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2d">cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2e">cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2f">cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2g">cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4252">CVE-2010-4252</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2010-4252">suppress</button></p><p><pre>OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the odc parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.</pre>CWE-287 Improper Authentication<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/45163">45163</a></li><li>CONFIRM - <a target="_blank" href="http://cvs.openssl.org/chngview?cn=20098">http://cvs.openssl.org/chngview?cn=20098</a></li><li>CONFIRM - <a target="_blank" href="http://openssl.org/news/secadv_20101202.txt">http://openssl.org/news/secadv_20101202.txt</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=659297">https://bugzilla.redhat.com/show_bug.cgi?id=659297</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=129916880600544&w=2">HPSBUX02638</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=130497251507577&w=2">SSRT100475</a></li><li>MISC - <a target="_blank" href="http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf">http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf</a></li><li>MISC - <a target="_blank" href="https://github.com/seb-m/jpake">https://github.com/seb-m/jpake</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039">oval:org.mitre.oval:def:19039</a></li><li>SECTRACK - <a target="_blank" href="http://securitytracker.com/id?1024823">1024823</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/42469">42469</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471">SSA:2010-340-01</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2010/3120">ADV-2010-3120</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2010/3122">ADV-2010-3122</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs5">show all</a>)<ul><li class="vs5"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0b</a></li><li class="vs5">...</li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0b</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3">cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3a">cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta4">cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta5">cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta6">cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2106">CVE-2016-2106</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-2106">suppress</button></p><p><pre>Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.</pre>CWE-189 Numeric Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html">APPLE-SA-2016-07-18-1</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/89744">89744</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html">http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html">http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa123">https://bto.bluecoat.com/security-advisory/sa123</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26">https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722</a></li><li>CONFIRM - <a target="_blank" href="https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202">https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10160">https://kc.mcafee.com/corporate/index?page=content&id=SB10160</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20160504-0001/">https://security.netapp.com/advisory/ntap-20160504-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://source.android.com/security/bulletin/pixel/2017-11-01">https://source.android.com/security/bulletin/pixel/2017-11-01</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206903">https://support.apple.com/HT206903</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20160503.txt">https://www.openssl.org/news/secadv/20160503.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2016/dsa-3566">DSA-3566</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html">FEDORA-2016-05c567df1a</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html">FEDORA-2016-1411324654</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html">FEDORA-2016-1e39d934ed</a></li><li>FREEBSD - <a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc">FreeBSD-SA-16:17</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201612-16">GLSA-201612-16</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0722.html">RHSA-2016:0722</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0996.html">RHSA-2016:0996</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-1648.html">RHSA-2016:1648</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-1649.html">RHSA-2016:1649</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-1650.html">RHSA-2016:1650</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2056.html">RHSA-2016:2056</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2073.html">RHSA-2016:2073</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2957.html">RHSA-2016:2957</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1035721">1035721</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103">SSA:2016-124-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html">SUSE-SU-2016:1206</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html">SUSE-SU-2016:1228</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html">SUSE-SU-2016:1231</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html">SUSE-SU-2016:1233</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html">SUSE-SU-2016:1267</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html">SUSE-SU-2016:1290</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html">SUSE-SU-2016:1360</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html">openSUSE-SU-2016:1237</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html">openSUSE-SU-2016:1238</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html">openSUSE-SU-2016:1239</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html">openSUSE-SU-2016:1240</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html">openSUSE-SU-2016:1241</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html">openSUSE-SU-2016:1242</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html">openSUSE-SU-2016:1243</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html">openSUSE-SU-2016:1273</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2959-1">USN-2959-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs6">show all</a>)<ul><li class="vs6"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs6">...</li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2">cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2a">cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2b">cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2c">cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2d">cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2e">cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2f">cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2g">cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2109">CVE-2016-2109</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-2109">suppress</button></p><p><pre>The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html">APPLE-SA-2016-07-18-1</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/87940">87940</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html">http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html">http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa123">https://bto.bluecoat.com/security-advisory/sa123</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807">https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722</a></li><li>CONFIRM - <a target="_blank" href="https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202">https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10160">https://kc.mcafee.com/corporate/index?page=content&id=SB10160</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20160504-0001/">https://security.netapp.com/advisory/ntap-20160504-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://source.android.com/security/bulletin/2017-07-01">https://source.android.com/security/bulletin/2017-07-01</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206903">https://support.apple.com/HT206903</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20160503.txt">https://www.openssl.org/news/secadv/20160503.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2016/dsa-3566">DSA-3566</a></li><li>FREEBSD - <a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc">FreeBSD-SA-16:17</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201612-16">GLSA-201612-16</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0722.html">RHSA-2016:0722</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0996.html">RHSA-2016:0996</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2056.html">RHSA-2016:2056</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2073.html">RHSA-2016:2073</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2957.html">RHSA-2016:2957</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1035721">1035721</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103">SSA:2016-124-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html">SUSE-SU-2016:1206</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html">SUSE-SU-2016:1228</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html">SUSE-SU-2016:1231</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html">SUSE-SU-2016:1233</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html">SUSE-SU-2016:1267</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html">SUSE-SU-2016:1290</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html">SUSE-SU-2016:1360</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html">openSUSE-SU-2016:1237</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html">openSUSE-SU-2016:1238</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html">openSUSE-SU-2016:1239</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html">openSUSE-SU-2016:1240</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html">openSUSE-SU-2016:1241</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html">openSUSE-SU-2016:1242</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html">openSUSE-SU-2016:1243</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html">openSUSE-SU-2016:1273</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2959-1">USN-2959-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs7">show all</a>)<ul><li class="vs7"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs7">...</li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2">cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2a">cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2b">cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2c">cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2d">cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2e">cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2f">cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2g">cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4044">CVE-2021-4044</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2021-4044">suppress</button></p><p><pre>Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).</pre>CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20211229-0003/">https://security.netapp.com/advisory/ntap-20211229-0003/</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20211214.txt">https://www.openssl.org/news/secadv/20211214.txt</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs8">show all</a>)<ul><li class="vs8"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.2</a></li><li class="vs8">...</li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Acloud_backup%3A-">cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Ae-series_performance_analyzer%3A-">cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Aontap_select_deploy_administration_utility%3A-">cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Asnapcenter%3A-">cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.2</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.1.0">cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*</a></li><li class="vs8 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A3.0.0">cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2107">CVE-2016-2107</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-2107">suppress</button></p><p><pre>The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.</pre>CWE-310 Cryptographic Issues, CWE-200 Information Exposure<br/><br/>CVSSv2:<ul><li>Base Score: LOW (2.6)</li><li>Vector: /AV:N/AC:H/Au:N/C:P/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.9)</li><li>Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html">APPLE-SA-2016-07-18-1</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/89760">89760</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759</a></li><li>CONFIRM - <a target="_blank" href="http://source.android.com/security/bulletin/2016-07-01.html">http://source.android.com/security/bulletin/2016-07-01.html</a></li><li>CONFIRM - <a target="_blank" href="http://support.citrix.com/article/CTX212736">http://support.citrix.com/article/CTX212736</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html">http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html">http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa123">https://bto.bluecoat.com/security-advisory/sa123</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292">https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us">https://h20566.www2.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05164862">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05164862</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05320149</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05386804">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05386804</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05390722</a></li><li>CONFIRM - <a target="_blank" href="https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202">https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10160">https://kc.mcafee.com/corporate/index?page=content&id=SB10160</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20160504-0001/">https://security.netapp.com/advisory/ntap-20160504-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206903">https://support.apple.com/HT206903</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv/20160503.txt">https://www.openssl.org/news/secadv/20160503.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2016/dsa-3566">DSA-3566</a></li><li>EXPLOIT-DB - <a target="_blank" href="https://www.exploit-db.com/exploits/39768/">39768</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html">FEDORA-2016-05c567df1a</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html">FEDORA-2016-1411324654</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html">FEDORA-2016-1e39d934ed</a></li><li>FREEBSD - <a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc">FreeBSD-SA-16:17</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201612-16">GLSA-201612-16</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html</a></li><li>MISC - <a target="_blank" href="http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html">http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html</a></li><li>MISC - <a target="_blank" href="https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/">https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0722.html">RHSA-2016:0722</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-0996.html">RHSA-2016:0996</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2073.html">RHSA-2016:2073</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2957.html">RHSA-2016:2957</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1035721">1035721</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103">SSA:2016-124-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html">SUSE-SU-2016:1206</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html">SUSE-SU-2016:1228</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html">SUSE-SU-2016:1233</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html">openSUSE-SU-2016:1237</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html">openSUSE-SU-2016:1238</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html">openSUSE-SU-2016:1240</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html">openSUSE-SU-2016:1243</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html">openSUSE-SU-2016:1566</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2959-1">USN-2959-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs9">show all</a>)<ul><li class="vs9"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs9">...</li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ahp%3Ahelion_openstack%3A2.0">cpe:2.3:a:hp:helion_openstack:2.0:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ahp%3Ahelion_openstack%3A2.1">cpe:2.3:a:hp:helion_openstack:2.1:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ahp%3Ahelion_openstack%3A2.1.2">cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ahp%3Ahelion_openstack%3A2.1.4">cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1s</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2">cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2a">cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2b">cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2c">cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2d">cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2e">cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2f">cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.2g">cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7056">CVE-2016-7056</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-7056">suppress</button></p><p><pre>A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.</pre>CWE-320 Key Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: LOW (2.1)</li><li>Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.5)</li><li>Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/95375">95375</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056</a></li><li>CONFIRM - <a target="_blank" href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig">https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig</a></li><li>CONFIRM - <a target="_blank" href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig">https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig</a></li><li>CONFIRM - <a target="_blank" href="https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008">https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008</a></li><li>CONFIRM - <a target="_blank" href="https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html">https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html</a></li><li>CONFIRM - <a target="_blank" href="https://security-tracker.debian.org/tracker/CVE-2016-7056">https://security-tracker.debian.org/tracker/CVE-2016-7056</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2017/dsa-3773">DSA-3773</a></li><li>MISC - <a target="_blank" href="https://eprint.iacr.org/2016/1195">https://eprint.iacr.org/2016/1195</a></li><li>MLIST - <a target="_blank" href="https://seclists.org/oss-sec/2017/q1/52">[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:1413">RHSA-2017:1413</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:1414">RHSA-2017:1414</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2017-1415.html">RHSA-2017:1415</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:1801">RHSA-2017:1801</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:1802">RHSA-2017:1802</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1037575">1037575</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs10"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1u</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576">CVE-2011-4576</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4576">suppress</button></p><p><pre>The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html">APPLE-SA-2013-06-04-1</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/737740">VU#737740</a></li><li>CONFIRM - <a target="_blank" href="http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc">http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5784">http://support.apple.com/kb/HT5784</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20120104.txt">http://www.openssl.org/news/secadv_20120104.txt</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2012/dsa-2390">DSA-2390</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html">FEDORA-2012-18035</a></li><li>HP - <a target="_blank" href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041">HPSBMU02786</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=134039053214295&w=2">HPSBOV02793</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=132750648501816&w=2">HPSBUX02734</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=133951357207000&w=2">SSRT100852</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:006">MDVSA-2012:006</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007">MDVSA-2012:007</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1306.html">RHSA-2012:1306</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1307.html">RHSA-2012:1307</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1308.html">RHSA-2012:1308</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/48528">48528</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/55069">55069</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html">SUSE-SU-2012:0084</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html">openSUSE-SU-2012:0083</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs11">show all</a>)<ul><li class="vs11"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs11">...</li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 0.9.8r</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h%3Abogus">cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs11 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619">CVE-2011-4619</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4619">suppress</button></p><p><pre>The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html">APPLE-SA-2013-06-04-1</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/737740">VU#737740</a></li><li>CONFIRM - <a target="_blank" href="http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc">http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5784">http://support.apple.com/kb/HT5784</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20120104.txt">http://www.openssl.org/news/secadv_20120104.txt</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2012/dsa-2390">DSA-2390</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html">FEDORA-2012-18035</a></li><li>HP - <a target="_blank" href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041">HPSBMU02786</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=134039053214295&w=2">HPSBOV02793</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=132750648501816&w=2">HPSBUX02734</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=133728068926468&w=2">HPSBUX02782</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=133951357207000&w=2">SSRT100852</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:006">MDVSA-2012:006</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007">MDVSA-2012:007</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1306.html">RHSA-2012:1306</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1307.html">RHSA-2012:1307</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1308.html">RHSA-2012:1308</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/48528">48528</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html">SUSE-SU-2012:0084</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html">openSUSE-SU-2012:0083</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs12">show all</a>)<ul><li class="vs12"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs12">...</li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 0.9.8r</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h%3Abogus">cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs12 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4838">CVE-2011-4838</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4838">suppress</button></p><p><pre>JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</pre>CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html">20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/903934">VU#903934</a></li><li>CONFIRM - <a target="_blank" href="http://jruby.org/2011/12/27/jruby-1-6-5-1.html">http://jruby.org/2011/12/27/jruby-1-6-5-1.html</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-201207-06.xml">GLSA-201207-06</a></li><li>MISC - <a target="_blank" href="http://www.nruns.com/_downloads/advisory28122011.pdf">http://www.nruns.com/_downloads/advisory28122011.pdf</a></li><li>MISC - <a target="_blank" href="http://www.ocert.org/advisories/ocert-2011-003.html">http://www.ocert.org/advisories/ocert-2011-003.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1232.html">RHSA-2012:1232</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/47407">47407</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/50084">50084</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72019">jruby-hash-dos(72019)</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs13"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.5.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0027">CVE-2012-0027</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2012-0027">suppress</button></p><p><pre>The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20120104.txt">http://www.openssl.org/news/secadv_20120104.txt</a></li><li>HP - <a target="_blank" href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041">HPSBMU02786</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007">MDVSA-2012:007</a></li><li>OSVDB - <a target="_blank" href="http://osvdb.org/78191">78191</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html">openSUSE-SU-2012:0083</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs14">show all</a>)<ul><li class="vs14"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs14">...</li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3">cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3a">cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h%3Abogus">cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8r">cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8s">cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs14 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1330">CVE-2010-1330</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2010-1330">suppress</button></p><p><pre>The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html">http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html</a></li><li>MISC - <a target="_blank" href="https://bugs.gentoo.org/show_bug.cgi?id=317435">https://bugs.gentoo.org/show_bug.cgi?id=317435</a></li><li>MISC - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=750306">https://bugzilla.redhat.com/show_bug.cgi?id=750306</a></li><li>OSVDB - <a target="_blank" href="http://www.osvdb.org/77297">77297</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2011-1456.html">RHSA-2011:1456</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/46891">46891</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/80277">jruby-expression-engine-xss(80277)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs15">show all</a>)<ul><li class="vs15"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs15">...</li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.0">cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.1">cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.2">cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.8">cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.9">cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0">cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc1">cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc2">cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc3">cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.1">cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.2">cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.3">cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1">cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Abeta1">cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc1">cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc2">cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc3">cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.1">cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.2">cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.3">cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.4">cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.5">cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6">cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6%3Arc1">cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0">cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc1">cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc2">cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0">cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc1">cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc2">cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.1">cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc1">cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc2">cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc3">cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108">CVE-2011-4108</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4108">suppress</button></p><p><pre>The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html">APPLE-SA-2013-06-04-1</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/737740">VU#737740</a></li><li>CONFIRM - <a target="_blank" href="http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc">http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5784">http://support.apple.com/kb/HT5784</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20120104.txt">http://www.openssl.org/news/secadv_20120104.txt</a></li><li>CONFIRM - <a target="_blank" href="https://security.paloaltonetworks.com/CVE-2011-4108">https://security.paloaltonetworks.com/CVE-2011-4108</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2012/dsa-2390">DSA-2390</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html">FEDORA-2012-18035</a></li><li>HP - <a target="_blank" href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041">HPSBMU02786</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=134039053214295&w=2">HPSBOV02793</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=132750648501816&w=2">HPSBUX02734</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=133951357207000&w=2">SSRT100852</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:006">MDVSA-2012:006</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007">MDVSA-2012:007</a></li><li>MISC - <a target="_blank" href="http://www.isg.rhul.ac.uk/~kp/dtls.pdf">http://www.isg.rhul.ac.uk/~kp/dtls.pdf</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1306.html">RHSA-2012:1306</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1307.html">RHSA-2012:1307</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1308.html">RHSA-2012:1308</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/48528">48528</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57260">57260</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html">SUSE-SU-2012:0084</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html">SUSE-SU-2014:0320</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html">openSUSE-SU-2012:0083</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs16">show all</a>)<ul><li class="vs16"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs16">...</li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 0.9.8r</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h%3Abogus">cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577">CVE-2011-4577</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4577">suppress</button></p><p><pre>OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html">APPLE-SA-2013-06-04-1</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/737740">VU#737740</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5784">http://support.apple.com/kb/HT5784</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20120104.txt">http://www.openssl.org/news/secadv_20120104.txt</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html">FEDORA-2012-18035</a></li><li>HP - <a target="_blank" href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041">HPSBMU02786</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=132750648501816&w=2">HPSBUX02734</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=134039053214295&w=2">SSRT100891</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/57353">57353</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html">SUSE-SU-2012:0084</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html">openSUSE-SU-2012:0083</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs17">show all</a>)<ul><li class="vs17"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs17">...</li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 0.9.8r</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0e</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h%3Abogus">cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449">CVE-2013-6449</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2013-6449">suppress</button></p><p><pre>The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/64530">64530</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/534161/100/0/threaded">20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities</a></li><li>CONFIRM - <a target="_blank" href="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75</a></li><li>CONFIRM - <a target="_blank" href="http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest">http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=isg400001841">http://www-01.ibm.com/support/docview.wss?uid=isg400001841</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=isg400001843">http://www-01.ibm.com/support/docview.wss?uid=isg400001843</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.vmware.com/security/advisories/VMSA-2014-0012.html">http://www.vmware.com/security/advisories/VMSA-2014-0012.html</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1045363">https://bugzilla.redhat.com/show_bug.cgi?id=1045363</a></li><li>CONFIRM - <a target="_blank" href="https://issues.apache.org/jira/browse/TS-2355">https://issues.apache.org/jira/browse/TS-2355</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2014/dsa-2833">DSA-2833</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html">FEDORA-2013-23768</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html">FEDORA-2013-23788</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html">FEDORA-2013-23794</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html">FEDORA-2014-9301</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html">FEDORA-2014-9308</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2014/Dec/23">20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-201412-39.xml">GLSA-201412-39</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2014-0015.html">RHSA-2014:0015</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2014-0041.html">RHSA-2014:0041</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1029548">1029548</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html">openSUSE-SU-2014:0012</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.html">openSUSE-SU-2014:0015</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.html">openSUSE-SU-2014:0018</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html">openSUSE-SU-2014:0048</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2079-1">USN-2079-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs18">show all</a>)<ul><li class="vs18"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1e</a></li><li class="vs18">...</li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1e</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0e">cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0f">cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0g">cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0h">cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0i">cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0j">cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1">cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1a">cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1b">cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1c">cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1d">cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298">CVE-2010-5298</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2010-5298">suppress</button></p><p><pre>Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.</pre>CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.0)</li><li>Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/66801">66801</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/534161/100/0/threaded">20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl">20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products</a></li><li>CONFIRM - <a target="_blank" href="http://advisories.mageia.org/MGASA-2014-0187.html">http://advisories.mageia.org/MGASA-2014-0187.html</a></li><li>CONFIRM - <a target="_blank" href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig">http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195">http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195</a></li><li>CONFIRM - <a target="_blank" href="http://support.citrix.com/article/CTX140876">http://support.citrix.com/article/CTX140876</a></li><li>CONFIRM - <a target="_blank" href="http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup">http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21673137">http://www-01.ibm.com/support/docview.wss?uid=swg21673137</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676035">http://www-01.ibm.com/support/docview.wss?uid=swg21676035</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676062">http://www-01.ibm.com/support/docview.wss?uid=swg21676062</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676419">http://www-01.ibm.com/support/docview.wss?uid=swg21676419</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676529">http://www-01.ibm.com/support/docview.wss?uid=swg21676529</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676655">http://www-01.ibm.com/support/docview.wss?uid=swg21676655</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676879">http://www-01.ibm.com/support/docview.wss?uid=swg21676879</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676889">http://www-01.ibm.com/support/docview.wss?uid=swg21676889</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677527">http://www-01.ibm.com/support/docview.wss?uid=swg21677527</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677695">http://www-01.ibm.com/support/docview.wss?uid=swg21677695</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677828">http://www-01.ibm.com/support/docview.wss?uid=swg21677828</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677836">http://www-01.ibm.com/support/docview.wss?uid=swg21677836</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21678167">http://www-01.ibm.com/support/docview.wss?uid=swg21678167</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21683332">http://www-01.ibm.com/support/docview.wss?uid=swg21683332</a></li><li>CONFIRM - <a target="_blank" href="http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754">http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754</a></li><li>CONFIRM - <a target="_blank" href="http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755">http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755</a></li><li>CONFIRM - <a target="_blank" href="http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756">http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756</a></li><li>CONFIRM - <a target="_blank" href="http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757">http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757</a></li><li>CONFIRM - <a target="_blank" href="http://www.blackberry.com/btsc/KB36051">http://www.blackberry.com/btsc/KB36051</a></li><li>CONFIRM - <a target="_blank" href="http://www.fortiguard.com/advisory/FG-IR-14-018/">http://www.fortiguard.com/advisory/FG-IR-14-018/</a></li><li>CONFIRM - <a target="_blank" href="http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm">http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm</a></li><li>CONFIRM - <a target="_blank" href="http://www.ibm.com/support/docview.wss?uid=swg21676356">http://www.ibm.com/support/docview.wss?uid=swg21676356</a></li><li>CONFIRM - <a target="_blank" href="http://www.ibm.com/support/docview.wss?uid=swg24037783">http://www.ibm.com/support/docview.wss?uid=swg24037783</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20140605.txt">http://www.openssl.org/news/secadv_20140605.txt</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html">http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.vmware.com/security/advisories/VMSA-2014-0006.html">http://www.vmware.com/security/advisories/VMSA-2014-0006.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.vmware.com/security/advisories/VMSA-2014-0012.html">http://www.vmware.com/security/advisories/VMSA-2014-0012.html</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05301946">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05301946</a></li><li>CONFIRM - <a target="_blank" href="https://kb.bluecoat.com/index?page=content&id=SA80">https://kb.bluecoat.com/index?page=content&id=SA80</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10075">https://kc.mcafee.com/corporate/index?page=content&id=SB10075</a></li><li>CONFIRM - <a target="_blank" href="https://www.novell.com/support/kb/doc.php?id=7015271">https://www.novell.com/support/kb/doc.php?id=7015271</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html">FEDORA-2014-9301</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html">FEDORA-2014-9308</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2014/Dec/23">20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-201407-05.xml">GLSA-201407-05</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140544599631400&w=2">HPSBGN03068</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=141658880509699&w=2">HPSBHF03052</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140448122410568&w=2">HPSBMU03051</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140431828824371&w=2">HPSBMU03055</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140389355508263&w=2">HPSBMU03056</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140389274407904&w=2">HPSBMU03057</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140752315422991&w=2">HPSBMU03062</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140621259019789&w=2">HPSBMU03074</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140904544427729&w=2">HPSBMU03076</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:090">MDVSA-2014:090</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2015:062">MDVSA-2015:062</a></li><li>MISC - <a target="_blank" href="http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse">http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</a></li><li>MISC - <a target="_blank" href="https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest">https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest</a></li><li>MISC - <a target="_blank" href="https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest">https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest</a></li><li>MLIST - <a target="_blank" href="http://openwall.com/lists/oss-security/2014/04/13/1">[oss-security] 20140412 Use-after-free race condition,in OpenSSL's read buffer</a></li><li>OPENBSD - <a target="_blank" href="http://www.openbsd.org/errata55.html#004_openssl">[5.5] 004: SECURITY FIX: April 12, 2014</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58337">58337</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58713">58713</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58939">58939</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58977">58977</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59162">59162</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59287">59287</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59300">59300</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59301">59301</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59342">59342</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59413">59413</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59437">59437</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59438">59438</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59440">59440</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59450">59450</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59490">59490</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59655">59655</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59666">59666</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59669">59669</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59721">59721</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html">SUSE-SU-2015:0743</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs19">show all</a>)<ul><li class="vs19"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1g</a></li><li class="vs19">...</li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1g</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3">cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3a">cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta4">cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta5">cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta6">cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8r">cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8s">cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8t">cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8u">cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8v">cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8w">cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8x">cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8y">cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0e">cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0f">cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0g">cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0h">cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0i">cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0j">cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0k">cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0l">cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1">cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1a">cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1b">cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1c">cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1d">cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1e">cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.1f">cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000">CVE-2015-4000</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2015-4000">suppress</button></p><p><pre>The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: LOW (3.7)</li><li>Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html">APPLE-SA-2015-06-30-1</a></li><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html">APPLE-SA-2015-06-30-2</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/74733">74733</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/91787">91787</a></li><li>CONFIRM - <a target="_blank" href="http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc">http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc</a></li><li>CONFIRM - <a target="_blank" href="http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery">http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery</a></li><li>CONFIRM - <a target="_blank" href="http://h20564.www2.hpe.com/hpsc/doc/odc/display?docId=emr_na-c04876402">http://h20564.www2.hpe.com/hpsc/doc/odc/display?docId=emr_na-c04876402</a></li><li>CONFIRM - <a target="_blank" href="http://h20564.www2.hpe.com/hpsc/doc/odc/display?docId=emr_na-c04949778">http://h20564.www2.hpe.com/hpsc/doc/odc/display?docId=emr_na-c04949778</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT204941">http://support.apple.com/kb/HT204941</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT204942">http://support.apple.com/kb/HT204942</a></li><li>CONFIRM - <a target="_blank" href="http://support.citrix.com/article/CTX201114">http://support.citrix.com/article/CTX201114</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959111">http://www-01.ibm.com/support/docview.wss?uid=swg21959111</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959195">http://www-01.ibm.com/support/docview.wss?uid=swg21959195</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959325">http://www-01.ibm.com/support/docview.wss?uid=swg21959325</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959453">http://www-01.ibm.com/support/docview.wss?uid=swg21959453</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959481">http://www-01.ibm.com/support/docview.wss?uid=swg21959481</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959517">http://www-01.ibm.com/support/docview.wss?uid=swg21959517</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959530">http://www-01.ibm.com/support/docview.wss?uid=swg21959530</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959539">http://www-01.ibm.com/support/docview.wss?uid=swg21959539</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959636">http://www-01.ibm.com/support/docview.wss?uid=swg21959636</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21959812">http://www-01.ibm.com/support/docview.wss?uid=swg21959812</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21960191">http://www-01.ibm.com/support/docview.wss?uid=swg21960191</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21961717">http://www-01.ibm.com/support/docview.wss?uid=swg21961717</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21962455">http://www-01.ibm.com/support/docview.wss?uid=swg21962455</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21962739">http://www-01.ibm.com/support/docview.wss?uid=swg21962739</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21958984">http://www-304.ibm.com/support/docview.wss?uid=swg21958984</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21959132">http://www-304.ibm.com/support/docview.wss?uid=swg21959132</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21960041">http://www-304.ibm.com/support/docview.wss?uid=swg21960041</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21960194">http://www-304.ibm.com/support/docview.wss?uid=swg21960194</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21960380">http://www-304.ibm.com/support/docview.wss?uid=swg21960380</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21960418">http://www-304.ibm.com/support/docview.wss?uid=swg21960418</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21962816">http://www-304.ibm.com/support/docview.wss?uid=swg21962816</a></li><li>CONFIRM - <a target="_blank" href="http://www-304.ibm.com/support/docview.wss?uid=swg21967893">http://www-304.ibm.com/support/docview.wss?uid=swg21967893</a></li><li>CONFIRM - <a target="_blank" href="http://www.fortiguard.com/advisory/2015-05-20-logjam-attack">http://www.fortiguard.com/advisory/2015-05-20-logjam-attack</a></li><li>CONFIRM - <a target="_blank" href="http://www.mozilla.org/security/announce/2015/mfsa2015-70.html">http://www.mozilla.org/security/announce/2015/mfsa2015-70.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html">http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html">http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html">http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html">http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html">http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html">http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm">http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm</a></li><li>CONFIRM - <a target="_blank" href="https://bto.bluecoat.com/security-advisory/sa98">https://bto.bluecoat.com/security-advisory/sa98</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1138554">https://bugzilla.mozilla.org/show_bug.cgi?id=1138554</a></li><li>CONFIRM - <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes">https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04770140">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04770140</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04772190">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04772190</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04773119">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04773119</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04773241">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04773241</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04832246">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04832246</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04918839">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04918839</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04923929">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04923929</a></li><li>CONFIRM - <a target="_blank" href="https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04926789">https://h20564.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04926789</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04740527">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04740527</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04953655">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c04953655</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05045763">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05045763</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05128722">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05128722</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05193083">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05193083</a></li><li>CONFIRM - <a target="_blank" href="https://help.ecostruxureit.com/display/odc/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes">https://help.ecostruxureit.com/display/odc/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10122">https://kc.mcafee.com/corporate/index?page=content&id=SB10122</a></li><li>CONFIRM - <a target="_blank" href="https://openssl.org/news/secadv/20150611.txt">https://openssl.org/news/secadv/20150611.txt</a></li><li>CONFIRM - <a target="_blank" href="https://puppet.com/security/cve/CVE-2015-4000">https://puppet.com/security/cve/CVE-2015-4000</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20150619-0001/">https://security.netapp.com/advisory/ntap-20150619-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.citrix.com/article/CTX216642">https://support.citrix.com/article/CTX216642</a></li><li>CONFIRM - <a target="_blank" href="https://support.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us">https://support.hpe.com/hpsc/doc/odc/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us</a></li><li>CONFIRM - <a target="_blank" href="https://www-304.ibm.com/support/docview.wss?uid=swg21959745">https://www-304.ibm.com/support/docview.wss?uid=swg21959745</a></li><li>CONFIRM - <a target="_blank" href="https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403">https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/">https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/</a></li><li>CONFIRM - <a target="_blank" href="https://www.openssl.org/news/secadv_20150611.txt">https://www.openssl.org/news/secadv_20150611.txt</a></li><li>CONFIRM - <a target="_blank" href="https://www.suse.com/security/cve/CVE-2015-4000.html">https://www.suse.com/security/cve/CVE-2015-4000.html</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2015/dsa-3287">DSA-3287</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2015/dsa-3300">DSA-3300</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2015/dsa-3316">DSA-3316</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2015/dsa-3324">DSA-3324</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2015/dsa-3339">DSA-3339</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2016/dsa-3688">DSA-3688</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html">FEDORA-2015-9048</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html">FEDORA-2015-9130</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html">FEDORA-2015-9161</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201506-02">GLSA-201506-02</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201512-10">GLSA-201512-10</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201603-11">GLSA-201603-11</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201701-46">GLSA-201701-46</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143557934009303&w=2">HPSBGN03351</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143628304012255&w=2">HPSBGN03361</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143558092609708&w=2">HPSBGN03362</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143655800220052&w=2">HPSBGN03373</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144060576831314&w=2">HPSBGN03399</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144069189622016&w=2">HPSBGN03402</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144050121701297&w=2">HPSBGN03404</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144060606031437&w=2">HPSBGN03405</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144102017024820&w=2">HPSBGN03407</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144061542602287&w=2">HPSBGN03411</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=145409266329539&w=2">HPSBGN03533</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144043644216842&w=2">HPSBMU03345</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143506486712441&w=2">HPSBMU03356</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144104533800819&w=2">HPSBMU03401</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143637549705650&w=2">HPSBUX03363</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=144493176821532&w=2">HPSBUX03512</a></li><li>HP - <a target="_blank" href="https://h20564.www2.hp.com/hpsc/doc/odc/display?docId=emr_na-c04718196">SSRT102112</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=143880121627664&w=2">SSRT102180</a></li><li>MISC - <a target="_blank" href="https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/">https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/</a></li><li>MISC - <a target="_blank" href="https://weakdh.org/">https://weakdh.org/</a></li><li>MISC - <a target="_blank" href="https://weakdh.org/imperfect-forward-secrecy.pdf">https://weakdh.org/imperfect-forward-secrecy.pdf</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2021.html">https://www.oracle.com/security-alerts/cpujan2021.html</a></li><li>MLIST - <a target="_blank" href="http://openwall.com/lists/oss-security/2015/05/20/8">[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice</a></li><li>NETBSD - <a target="_blank" href="http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc">NetBSD-SA2015-008</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1072.html">RHSA-2015:1072</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1185.html">RHSA-2015:1185</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1197.html">RHSA-2015:1197</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1228.html">RHSA-2015:1228</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1229.html">RHSA-2015:1229</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1230.html">RHSA-2015:1230</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1241.html">RHSA-2015:1241</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1242.html">RHSA-2015:1242</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1243.html">RHSA-2015:1243</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1485.html">RHSA-2015:1485</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1486.html">RHSA-2015:1486</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1488.html">RHSA-2015:1488</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1526.html">RHSA-2015:1526</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1544.html">RHSA-2015:1544</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2015-1604.html">RHSA-2015:1604</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-1624.html">RHSA-2016:1624</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2056.html">RHSA-2016:2056</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032474">1032474</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032475">1032475</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032476">1032476</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032637">1032637</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032645">1032645</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032647">1032647</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032648">1032648</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032649">1032649</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032650">1032650</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032651">1032651</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032652">1032652</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032653">1032653</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032654">1032654</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032655">1032655</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032656">1032656</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032688">1032688</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032699">1032699</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032702">1032702</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032727">1032727</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032759">1032759</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032777">1032777</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032778">1032778</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032783">1032783</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032784">1032784</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032856">1032856</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032864">1032864</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032865">1032865</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032871">1032871</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032884">1032884</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032910">1032910</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032932">1032932</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032960">1032960</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033019">1033019</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033064">1033064</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033065">1033065</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033067">1033067</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033208">1033208</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033209">1033209</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033210">1033210</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033222">1033222</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033341">1033341</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033385">1033385</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033416">1033416</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033430">1033430</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033433">1033433</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033513">1033513</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033760">1033760</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033891">1033891</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1033991">1033991</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1034087">1034087</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1034728">1034728</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1034884">1034884</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1036218">1036218</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1040630">1040630</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html">SUSE-SU-2015:1143</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html">SUSE-SU-2015:1150</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html">SUSE-SU-2015:1177</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html">SUSE-SU-2015:1181</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html">SUSE-SU-2015:1182</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html">SUSE-SU-2015:1183</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html">SUSE-SU-2015:1184</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html">SUSE-SU-2015:1185</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html">SUSE-SU-2015:1268</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html">SUSE-SU-2015:1269</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html">SUSE-SU-2015:1319</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html">SUSE-SU-2015:1320</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html">SUSE-SU-2015:1449</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html">SUSE-SU-2015:1581</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html">SUSE-SU-2015:1663</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html">SUSE-SU-2016:0224</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html">SUSE-SU-2016:0262</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html">openSUSE-SU-2015:1139</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html">openSUSE-SU-2015:1209</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html">openSUSE-SU-2015:1229</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html">openSUSE-SU-2015:1266</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html">openSUSE-SU-2015:1277</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html">openSUSE-SU-2015:1288</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html">openSUSE-SU-2015:1289</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html">openSUSE-SU-2015:1684</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html">openSUSE-SU-2016:0226</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html">openSUSE-SU-2016:0255</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html">openSUSE-SU-2016:0261</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html">openSUSE-SU-2016:0478</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html">openSUSE-SU-2016:0483</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2656-1">USN-2656-1</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2656-2">USN-2656-2</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2673-1">USN-2673-1</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2696-1">USN-2696-1</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2706-1">USN-2706-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs20">show all</a>)<ul><li class="vs20"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1m</a></li><li class="vs20">...</li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapple%3Asafari">cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Achrome%3A-">cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aibm%3Acontent_manager%3A8.5%3A%3A%7E%7E%7Eenterprise%7E%7E">cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amicrosoft%3Ainternet_explorer">cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Afirefox">cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Afirefox%3A39.0">cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Afirefox_esr%3A31.8">cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Afirefox_esr%3A38.1.0">cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Anetwork_security_services%3A3.19">cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Aseamonkey%3A2.35">cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Athunderbird%3A31.8">cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amozilla%3Athunderbird%3A38.1">cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.1m</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.1; versions up to (including) 1.0.1m</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2; versions up to (including) 1.0.2a</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopera%3Aopera_browser%3A-">cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajdk%3A1.6.0%3Aupdate95">cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajdk%3A1.7.0%3Aupdate75">cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajdk%3A1.7.0%3Aupdate80">cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajdk%3A1.8.0%3Aupdate45">cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajdk%3A1.8.0%3Aupdate_33">cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajre%3A1.6.0%3Aupdate_95">cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajre%3A1.7.0%3Aupdate_75">cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajre%3A1.7.0%3Aupdate_80">cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajre%3A1.8.0%3Aupdate_33">cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajre%3A1.8.0%3Aupdate_45">cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajrockit%3Ar28.3.6">cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Asparc-opl_service_processor">cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:* versions up to (including) 1121</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1945">CVE-2011-1945</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-1945">suppress</button></p><p><pre>The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: LOW (2.6)</li><li>Vector: /AV:N/AC:H/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html">APPLE-SA-2013-06-04-1</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/536044">VU#536044</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5784">http://support.apple.com/kb/HT5784</a></li><li>CONFIRM - <a target="_blank" href="http://www.kb.cert.org/vuls/id/MAPG-8FENZ3">http://www.kb.cert.org/vuls/id/MAPG-8FENZ3</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2011/dsa-2309">DSA-2309</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2011:136">MDVSA-2011:136</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2011:137">MDVSA-2011:137</a></li><li>MISC - <a target="_blank" href="http://eprint.iacr.org/2011/232.pdf">http://eprint.iacr.org/2011/232.pdf</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/44935">44935</a></li><li>SUSE - <a target="_blank" href="https://hermes.opensuse.org/messages/8764170">SUSE-SU-2011:0636</a></li><li>SUSE - <a target="_blank" href="https://hermes.opensuse.org/messages/8760466">openSUSE-SU-2011:0634</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs21">show all</a>)<ul><li class="vs21"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0d</a></li><li class="vs21">...</li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0d</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3">cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3a">cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta4">cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta5">cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta6">cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076">CVE-2014-0076</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)" data-sha1="feebc56dc27535e5d94fe99b4c1d46fbac3a68e9" data-pkgurl="pkg:maven/rubygems/jruby-openssl@0.14.0" data-type-to-suppress="cve" data-id-to-suppress="CVE-2014-0076">suppress</button></p><p><pre>The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: LOW (1.9)</li><li>Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/66363">66363</a></li><li>CISCO - <a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl">20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products</a></li><li>CONFIRM - <a target="_blank" href="http://advisories.mageia.org/MGASA-2014-0165.html">http://advisories.mageia.org/MGASA-2014-0165.html</a></li><li>CONFIRM - <a target="_blank" href="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29</a></li><li>CONFIRM - <a target="_blank" href="http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629">http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT6443">http://support.apple.com/kb/HT6443</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=isg400001841">http://www-01.ibm.com/support/docview.wss?uid=isg400001841</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=isg400001843">http://www-01.ibm.com/support/docview.wss?uid=isg400001843</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21673137">http://www-01.ibm.com/support/docview.wss?uid=swg21673137</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676035">http://www-01.ibm.com/support/docview.wss?uid=swg21676035</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676062">http://www-01.ibm.com/support/docview.wss?uid=swg21676062</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676092">http://www-01.ibm.com/support/docview.wss?uid=swg21676092</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676419">http://www-01.ibm.com/support/docview.wss?uid=swg21676419</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676424">http://www-01.ibm.com/support/docview.wss?uid=swg21676424</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676501">http://www-01.ibm.com/support/docview.wss?uid=swg21676501</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21676655">http://www-01.ibm.com/support/docview.wss?uid=swg21676655</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677695">http://www-01.ibm.com/support/docview.wss?uid=swg21677695</a></li><li>CONFIRM - <a target="_blank" href="http://www-01.ibm.com/support/docview.wss?uid=swg21677828">http://www-01.ibm.com/support/docview.wss?uid=swg21677828</a></li><li>CONFIRM - <a target="_blank" href="http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm">http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm</a></li><li>CONFIRM - <a target="_blank" href="http://www.novell.com/support/kb/doc.php?id=7015264">http://www.novell.com/support/kb/doc.php?id=7015264</a></li><li>CONFIRM - <a target="_blank" href="http://www.novell.com/support/kb/doc.php?id=7015300">http://www.novell.com/support/kb/doc.php?id=7015300</a></li><li>CONFIRM - <a target="_blank" href="http://www.openssl.org/news/secadv_20140605.txt">http://www.openssl.org/news/secadv_20140605.txt</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</a></li><li>CONFIRM - <a target="_blank" href="https://bugs.gentoo.org/show_bug.cgi?id=505278">https://bugs.gentoo.org/show_bug.cgi?id=505278</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.novell.com/show_bug.cgi?id=869945">https://bugzilla.novell.com/show_bug.cgi?id=869945</a></li><li>CONFIRM - <a target="_blank" href="https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05301946">https://h20566.www2.hpe.com/portal/site/hpsc/odc/kb/docDisplay?docId=emr_na-c05301946</a></li><li>CONFIRM - <a target="_blank" href="https://kc.mcafee.com/corporate/index?page=content&id=SB10075">https://kc.mcafee.com/corporate/index?page=content&id=SB10075</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140482916501310&w=2">HPSBGN03050</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140448122410568&w=2">HPSBMU03051</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140389355508263&w=2">HPSBMU03056</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140389274407904&w=2">HPSBMU03057</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140752315422991&w=2">HPSBMU03062</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140621259019789&w=2">HPSBMU03074</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140904544427729&w=2">HPSBMU03076</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140317760000786&w=2">HPSBOV03047</a></li><li>HP - <a target="_blank" href="http://marc.info/?l=bugtraq&m=140266410314613&w=2">SSRT101590</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:067">MDVSA-2014:067</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2015:062">MDVSA-2015:062</a></li><li>MISC - <a target="_blank" href="http://eprint.iacr.org/2014/140">http://eprint.iacr.org/2014/140</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58492">58492</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58727">58727</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/58939">58939</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59040">59040</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59162">59162</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59175">59175</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59264">59264</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59300">59300</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59364">59364</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59374">59374</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59413">59413</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59438">59438</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59445">59445</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59450">59450</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59454">59454</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59490">59490</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59495">59495</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59514">59514</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59655">59655</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/59721">59721</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/60571">60571</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html">openSUSE-SU-2014:0480</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html">openSUSE-SU-2016:0640</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-2165-1">USN-2165-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs22">show all</a>)<ul><li class="vs22"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0l</a></li><li class="vs22">...</li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl">cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to (including) 1.0.0l</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.1c">cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.2b">cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3">cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.3a">cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.4">cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5">cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a">cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.5a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6">cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a">cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6a%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6b">cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6c">cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6d">cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6e">cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6f">cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6g">cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6h">cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6i">cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6j">cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6k">cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6l">cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.6m">cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7">cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta2">cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta3">cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta4">cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta5">cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7%3Abeta6">cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7a">cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7b">cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7c">cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7d">cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7e">cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7f">cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7g">cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7h">cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7i">cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7j">cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7k">cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7l">cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.7m">cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8">cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8a">cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8b">cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8c">cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8d">cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8e">cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8f">cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8g">cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8h">cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8i">cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8j">cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8k">cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8l">cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m">cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8m%3Abeta1">cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8n">cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8o">cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8p">cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8q">cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8r">cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8s">cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8t">cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8u">cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8v">cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8w">cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8x">cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A0.9.8y">cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0">cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta1">cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta2">cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta3">cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta4">cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0%3Abeta5">cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0a">cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0b">cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0c">cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0d">cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0e">cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0f">cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0g">cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0h">cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0i">cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0j">cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopenssl%3Aopenssl%3A1.0.0k">cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l39_bcdf391001aba72dd10af7933442cedc758b6a08"></a>jruby-complete-9.4.0.0.jar: jopenssl.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar<br/><b>MD5:</b> 2f91034db43754fc5c7a4eb981ed3493<br/><b>SHA1:</b> bcdf391001aba72dd10af7933442cedc758b6a08<br/><b>SHA256:</b>d081167410a238bb1c086b330d1abd177bd141fa4f974d804b39688471723552</p><h4 id="header79" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content79" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jopenssl</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>openssl</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jopenssl</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>openssl</td><td>Low</td></tr></table></div><h4 id="header80" class="subsectionheader white">Identifiers</h4><div id="content80" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l40_d2055cf2721ccd0d84ce9776f6948f32693edb23"></a>jruby-complete-9.4.0.0.jar: jruby.dll</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/bin/jruby.dll<br/><b>MD5:</b> f4984dc17ea2fe968af0429c058612bf<br/><b>SHA1:</b> d2055cf2721ccd0d84ce9776f6948f32693edb23<br/><b>SHA256:</b>00963fee62934b34753a2764f26a5fb082429ad7fca9bab68bde136897371587</p><h4 id="header81" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content81" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jruby</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jruby</td><td>High</td></tr></table></div><h4 id="header82" class="subsectionheader white">Identifiers</h4><div id="content82" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l41_f77fcf2f1d1f68e89c2e1030f180c16247e483ce"></a>jruby-complete-9.4.0.0.jar: jruby.exe</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/bin/jruby.exe<br/><b>MD5:</b> 1839a3e41c81a5b1e439648d5ec793f7<br/><b>SHA1:</b> f77fcf2f1d1f68e89c2e1030f180c16247e483ce<br/><b>SHA256:</b>670a2786a5330c8dcd0d38221adddeeb36d6c10ff9298300f95bf4745ec36a5a</p><h4 id="header83" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content83" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jruby</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jruby</td><td>High</td></tr></table></div><h4 id="header84" class="subsectionheader white">Identifiers</h4><div id="content84" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l42_cd64083be92749aba74e568ddc619b905833d193"></a>jruby-complete-9.4.0.0.jar: jrubyw.exe</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/bin/jrubyw.exe<br/><b>MD5:</b> f25dee120cdac7b4980b532d12d7e9b1<br/><b>SHA1:</b> cd64083be92749aba74e568ddc619b905833d193<br/><b>SHA256:</b>4c13bfeb020a1f06ab339970c8b45f5d864dd76664de13e7aab7737e49a833e5</p><h4 id="header85" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content85" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jrubyw</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jrubyw</td><td>High</td></tr></table></div><h4 id="header86" class="subsectionheader white">Identifiers</h4><div id="content86" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l43_a99b9374c2e37d315a6279b9238615252becac49"></a>jruby-complete-9.4.0.0.jar: navigation.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/json_index/js/navigation.js<br/><b>MD5:</b> 0f2526548577d42eed5939333c321065<br/><b>SHA1:</b> a99b9374c2e37d315a6279b9238615252becac49<br/><b>SHA256:</b>757a5fb0031eb9bc47912ec87bcf16ce5ae855bb072bdb318437ffd806d7ee56</p><h4 id="header87" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content87" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header88" class="subsectionheader white">Identifiers</h4><div id="content88" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l44_17c93a93592b6d69ee57907bd075649cc19c11aa"></a>jruby-complete-9.4.0.0.jar: net-smtp.gemspec</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">Ruby, BSD-2-Clause</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/net/net-smtp.gemspec<br/><b>MD5:</b> 974b4f873e669cb19a2b114cb629137f<br/><b>SHA1:</b> 17c93a93592b6d69ee57907bd075649cc19c11aa<br/><b>SHA256:</b>640fe14b60a753fd4c1e24788c79ddcaae0ec8a7c83aa2b55142aa5e40d35926</p><h4 id="header89" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content89" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-ftp</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-imap</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-pop</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-protocol</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-smtp</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Shugo Maeda</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Yukihiro Matsumoto</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>matz@ruby-lang.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>shugo@ruby-lang.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-ftp</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-imap</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-pop</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-protocol</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-smtp</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby, BSD-2-Clause</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-ftp</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-imap</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-pop</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-protocol</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-smtp</td><td>High</td></tr></table></div><h4 id="header90" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content90" class="subsectioncontent standardsubsection hidden"><ul><li>jruby-complete-9.4.0.0.jar: net-ftp.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/net/net-ftp.gemspec</li><li>MD5: 3176af33ea114ab360a4cc725d5a9599</li><li>SHA1: c2d2e3641b78a3d1ffa46cc6b1cf462da28d7d51</li><li>SHA256: f617b872ff932fa91e34b782875152f66e45d829bc052a105022731fe5cdc3c8</li><li>gem:null</li></ul></li><li>jruby-complete-9.4.0.0.jar: net-imap.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/net/net-imap.gemspec</li><li>MD5: 6a427db622750d35dd5bc8b051148b20</li><li>SHA1: f25eba6dd88e6fae15a67a67af574d98e0ecf930</li><li>SHA256: fa6669e06dbda6512462c4b7ea53ccea3eafcfe58f29231acca75db31c208a63</li><li>gem:null</li></ul></li><li>jruby-complete-9.4.0.0.jar: net-pop.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/net/net-pop.gemspec</li><li>MD5: 1db14939e27675f88e3ecd8403d64d78</li><li>SHA1: 1a4416f07892882c4e48517af47a53398ea815b3</li><li>SHA256: 3e5aa7c2f141e1c542229d6cebff65af9f33b1b18994c7c54b7ea15b568dd97a</li><li>gem:null</li></ul></li><li>jruby-complete-9.4.0.0.jar: net-protocol.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/net/net-protocol.gemspec</li><li>MD5: e13969a6d3818220d241bb51be73917f</li><li>SHA1: aaaa48256f2c76e45cd3b097814b3eb828339482</li><li>SHA256: 78debb8c7209d29db4600f85bc507ebb75828a6b960c01806227796e56df5369</li><li>gem:null</li></ul></li></ul></div><h4 id="header91" class="subsectionheader white">Identifiers</h4><div id="content91" class="subsectioncontent standardsubsection"><ul><li>gem:null (<i>Confidence</i>:Highest)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l45_8f981206207df1d7d9971bd0d74dda5aa0ba7b2c"></a>jruby-complete-9.4.0.0.jar: parser.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/json/ext/parser.jar<br/><b>MD5:</b> 8e24715db36a58ac651db3ea42800b41<br/><b>SHA1:</b> 8f981206207df1d7d9971bd0d74dda5aa0ba7b2c<br/><b>SHA256:</b>8ac8daae07c95c22c7d29c056026cadf2404ff38d13832956b3e326805a3ee63</p><h4 id="header92" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content92" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>parser</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>json</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>parser</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr></table></div><h4 id="header93" class="subsectionheader white">Identifiers</h4><div id="content93" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l46_57ba8756375250c8c0e2fb569b7d698d8b10d9c5"></a>jruby-complete-9.4.0.0.jar: psych.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/psych.jar<br/><b>MD5:</b> 8fe50356fb6038ae0325d22609bfaf4c<br/><b>SHA1:</b> 57ba8756375250c8c0e2fb569b7d698d8b10d9c5<br/><b>SHA256:</b>249d2e21b1e120ae01a82ab123f024247c3339c81f045acc90b5ddd7072bb032</p><h4 id="header94" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content94" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>psych</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>psych</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>psych</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>psych</td><td>Low</td></tr></table></div><h4 id="header95" class="subsectionheader white">Identifiers</h4><div id="content95" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l47_3cb722b663bcb103aafaed0789d9491684d21eb6"></a>jruby-complete-9.4.0.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)</h3><div class="subsectioncontent"><p><b>Description:</b><pre>readline extension for JRuby</pre></p><p><b>License:</b><pre class="indent">EPL-1.0: http://opensource.org/licenses/EPL-1.0 | |
GPL-2.0: http://opensource.org/licenses/GPL-2.0 | |
LGPL-2.1: http://opensource.org/licenses/LGPL-2.1</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/readline.jar/META-INF/maven/rubygems/jruby-readline/pom.xml<br/><b>MD5:</b> f675c86ab93d2adadaab3e9ec7445fe6<br/><b>SHA1:</b> 3cb722b663bcb103aafaed0789d9491684d21eb6<br/><b>SHA256:</b>b931e0b3f3ff77ee17bb63301f5caabd262e046db28f190c434f565249383408</p><h4 id="header96" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content96" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jruby-readline</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>dev@jruby.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>JRuby contributors</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>rubygems</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JRuby Readline</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>jruby/jruby</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jruby-readline</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>dev@jruby.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>JRuby contributors</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>rubygems</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JRuby Readline</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>jruby/jruby</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.3.7</td><td>Highest</td></tr></table></div><h4 id="header97" class="subsectionheader white">Identifiers</h4><div id="content97" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/rubygems/jruby-readline@1.3.7 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajruby&cpe_product=cpe%3A%2F%3Ajruby%3Ajruby&cpe_version=cpe%3A%2F%3Ajruby%3Ajruby%3A1.3.7" target="_blank">cpe:2.3:a:jruby:jruby:1.3.7:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)" data-sha1="3cb722b663bcb103aafaed0789d9491684d21eb6" data-pkgurl="pkg:maven/rubygems/jruby-readline@1.3.7" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:jruby:jruby">suppress</button></li></ul></div><h4 id="header98" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content98" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4838">CVE-2011-4838</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)" data-sha1="3cb722b663bcb103aafaed0789d9491684d21eb6" data-pkgurl="pkg:maven/rubygems/jruby-readline@1.3.7" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4838">suppress</button></p><p><pre>JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</pre>CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html">20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/903934">VU#903934</a></li><li>CONFIRM - <a target="_blank" href="http://jruby.org/2011/12/27/jruby-1-6-5-1.html">http://jruby.org/2011/12/27/jruby-1-6-5-1.html</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-201207-06.xml">GLSA-201207-06</a></li><li>MISC - <a target="_blank" href="http://www.nruns.com/_downloads/advisory28122011.pdf">http://www.nruns.com/_downloads/advisory28122011.pdf</a></li><li>MISC - <a target="_blank" href="http://www.ocert.org/advisories/ocert-2011-003.html">http://www.ocert.org/advisories/ocert-2011-003.html</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-1232.html">RHSA-2012:1232</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/47407">47407</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/50084">50084</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72019">jruby-hash-dos(72019)</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs23"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.5.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1330">CVE-2010-1330</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="jruby-complete-9.4.0.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)" data-sha1="3cb722b663bcb103aafaed0789d9491684d21eb6" data-pkgurl="pkg:maven/rubygems/jruby-readline@1.3.7" data-type-to-suppress="cve" data-id-to-suppress="CVE-2010-1330">suppress</button></p><p><pre>The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html">http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html</a></li><li>MISC - <a target="_blank" href="https://bugs.gentoo.org/show_bug.cgi?id=317435">https://bugs.gentoo.org/show_bug.cgi?id=317435</a></li><li>MISC - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=750306">https://bugzilla.redhat.com/show_bug.cgi?id=750306</a></li><li>OSVDB - <a target="_blank" href="http://www.osvdb.org/77297">77297</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2011-1456.html">RHSA-2011:1456</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/46891">46891</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/80277">jruby-expression-engine-xss(80277)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs24">show all</a>)<ul><li class="vs24"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs24">...</li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby">cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:* versions up to (including) 1.4.0</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.0">cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.1">cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.2">cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.8">cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A0.9.9">cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0">cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc1">cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc2">cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.0%3Arc3">cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.1">cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.2">cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.0.3">cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1">cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Abeta1">cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc1">cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc2">cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1%3Arc3">cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.1">cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.2">cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.3">cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.4">cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.5">cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6">cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.1.6%3Arc1">cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0">cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc1">cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.2.0%3Arc2">cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0">cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc1">cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.0%3Arc2">cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.3.1">cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc1">cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc2">cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*</a></li><li class="vs24 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajruby%3Ajruby%3A1.4.0%3Arc3">cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l48_f94495275a3d40af13986495b60d7a2029d8eba5"></a>jruby-complete-9.4.0.0.jar: readline.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/readline.jar<br/><b>MD5:</b> ee095d6e2062601784e821c0761b7a8d<br/><b>SHA1:</b> f94495275a3d40af13986495b60d7a2029d8eba5<br/><b>SHA256:</b>25f6e191a7cddf15c926d9c5fb598237517b201d041f35f5cd01ae446b17d9d4</p><h4 id="header99" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content99" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>readline</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>demo</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>readline</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>readline</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>demo</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>readline</td><td>Low</td></tr></table></div><h4 id="header100" class="subsectionheader white">Identifiers</h4><div id="content100" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l49_7227a18b55ac08a0f8cc03ea8ac063f6dba1a1e5"></a>jruby-complete-9.4.0.0.jar: search.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/darkfish/js/search.js<br/><b>MD5:</b> 84b747a9f491cfb6740ab520d0c0602c<br/><b>SHA1:</b> 7227a18b55ac08a0f8cc03ea8ac063f6dba1a1e5<br/><b>SHA256:</b>972b0c1524a5789afa094459c524b4a7333b58536c9b2db6280468621a2c5439</p><h4 id="header101" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content101" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header102" class="subsectionheader white">Identifiers</h4><div id="content102" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l50_ff8ca51fd50d759d6ad7b78a171c8646968f7520"></a>jruby-complete-9.4.0.0.jar: searcher.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/json_index/js/searcher.js<br/><b>MD5:</b> e6753e62548eadebce36524f6178fd0b<br/><b>SHA1:</b> ff8ca51fd50d759d6ad7b78a171c8646968f7520<br/><b>SHA256:</b>e1b5467dd44b05a13e7b798a9c149954e9861089575dcaf8b302489c44bc359a</p><h4 id="header103" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content103" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header104" class="subsectionheader white">Identifiers</h4><div id="content104" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l51_2cd0a87ff7df953f810c344bdf2fe3340b954c69"></a>jruby-complete-9.4.0.0.jar: snakeyaml-1.33.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>YAML 1.1 parser and emitter for Java</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar<br/><b>MD5:</b> e0164a637c691c8cf01d29f90a709c02<br/><b>SHA1:</b> 2cd0a87ff7df953f810c344bdf2fe3340b954c69<br/><b>SHA256:</b>11ff459788f0a2d781f56a4a86d7e69202cebacd0273d5269c4ae9f02f3fd8f0</p><h4 id="header105" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content105" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>snakeyaml</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>emitter</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>parser</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>yaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-jdk-spec</td><td>1.8</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>snakeyaml</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>alexander.maslov@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>public.somov@gmail.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>asomov</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>maslovalex</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Alexander Maslov</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Andrey Somov</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.yaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>SnakeYAML</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://bitbucket.org/snakeyaml/snakeyaml</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>snakeyaml</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>emitter</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>parser</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>yaml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>build-jdk-spec</td><td>1.8</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>SnakeYAML</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>alexander.maslov@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>public.somov@gmail.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>asomov</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>maslovalex</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Alexander Maslov</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Andrey Somov</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.yaml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>SnakeYAML</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://bitbucket.org/snakeyaml/snakeyaml</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.33</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.33</td><td>Highest</td></tr></table></div><h4 id="header106" class="subsectionheader white">Identifiers</h4><div id="content106" class="subsectioncontent standardsubsection"><ul><li>pkg:maven/org.yaml/snakeyaml@1.33 (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asnakeyaml_project&cpe_product=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml&cpe_version=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml%3A1.33" target="_blank">cpe:2.3:a:snakeyaml_project:snakeyaml:1.33:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="jruby-complete-9.4.0.0.jar: snakeyaml-1.33.jar" data-sha1="2cd0a87ff7df953f810c344bdf2fe3340b954c69" data-pkgurl="pkg:maven/org.yaml/snakeyaml@1.33" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:snakeyaml_project:snakeyaml">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l52_4e79db3db102099264192a5f8a37a59f7aca731e"></a>jruby-complete-9.4.0.0.jar: stringio.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/stringio.jar<br/><b>MD5:</b> e62cc3d29fc5b14807b23711b56fe837<br/><b>SHA1:</b> 4e79db3db102099264192a5f8a37a59f7aca731e<br/><b>SHA256:</b>f9109a039e3109d513b6191f5372a8db48b714fb4f28f24cfea05b03e866490d</p><h4 id="header107" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content107" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>stringio</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>stringio</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>stringio</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>stringio</td><td>Low</td></tr></table></div><h4 id="header108" class="subsectionheader white">Identifiers</h4><div id="content108" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l53_a633297a11690d0fa6adcea1d102b69586a18fe5"></a>jruby-complete-9.4.0.0.jar: strscan.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/strscan.jar<br/><b>MD5:</b> dc5acd3f3d29f19f3b66d7a68a3d250d<br/><b>SHA1:</b> a633297a11690d0fa6adcea1d102b69586a18fe5<br/><b>SHA256:</b>387bafb257e14e853801367c8e4282c5ba55053d948bf71a110b4a86f847de43</p><h4 id="header109" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content109" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>strscan</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>strscan</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>strscan</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>strscan</td><td>Low</td></tr></table></div><h4 id="header110" class="subsectionheader white">Identifiers</h4><div id="content110" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l54_b9079a8554f39435b7c44fff86b83a857c7962f8"></a>jruby-complete-9.4.0.0.jar: wait.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/stdlib/io/wait.jar<br/><b>MD5:</b> 21815b4c28a840894814b583816847d5<br/><b>SHA1:</b> b9079a8554f39435b7c44fff86b83a857c7962f8<br/><b>SHA256:</b>5c284b443edd8dbfaea425e8a5156144656a357460057d05df0c78e50874ac66</p><h4 id="header111" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content111" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>wait</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>io</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jruby</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>wait</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ext</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>io</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>wait</td><td>Low</td></tr></table></div><h4 id="header112" class="subsectionheader white">Identifiers</h4><div id="content112" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l55_ae63788a95b318d16eef550f336015334d27b578"></a>matrix:0.4.2</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>An implementation of Matrix and Vector classes.</pre></p><p><b>License:</b><pre class="indent">Ruby.freeze, BSD-2-Clause.freeze</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/specifications/matrix-0.4.2.gemspec<br/><b>MD5:</b> 8bafc6393d4a54d6136f21731fcf37a9<br/><b>SHA1:</b> ae63788a95b318d16eef550f336015334d27b578<br/><b>SHA256:</b>9acc0d25960cc3fbd614472ea55c105b5bab0e2fbe479ba71d2289242b7d9c6e</p><h4 id="header113" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content113" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>matrix</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Marc-Andre Lafortune</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Marc-Andre Lafortune.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>ruby-core@marc-andre.ca</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>ruby-core@marc-andre.ca.freeze</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/matrix</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby, BSD-2-Clause</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby.freeze, BSD-2-Clause.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>name_project</td><td>matrix_project</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>matrix</td><td>High</td></tr><tr><td>Product</td><td>gemspec</td><td>name</td><td>matrix</td><td>Highest</td></tr><tr><td>Product</td><td>gemspec</td><td>summary</td><td>An implementation of Matrix and Vector classes.</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>0.4.2</td><td>High</td></tr><tr><td>Version</td><td>gemspec</td><td>version</td><td>0.4.2</td><td>Highest</td></tr></table></div><h4 id="header114" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content114" class="subsectioncontent standardsubsection hidden"><ul><li>jruby-complete-9.4.0.0.jar: matrix.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/gems/matrix-0.4.2/matrix.gemspec</li><li>MD5: 56b99ef4fb93dce92f216954df2860ab</li><li>SHA1: c572501dbe8012d1c821bfcd6e15b7f970875722</li><li>SHA256: 621768b5a2ff3fa8968f99c0c901c6c450dfc2ac3c045b87d15a2964db2cf5d5</li><li>pkg:gem/matrix</li></ul></li></ul></div><h4 id="header115" class="subsectionheader white">Identifiers</h4><div id="content115" class="subsectioncontent standardsubsection"><ul><li>pkg:gem/matrix@0.4.2 (<i>Confidence</i>:Highest)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l56_411abb0b6d5e1b76f8adfcc16b90495a2d284767"></a>minitest:5.15.0</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>minitest provides a complete suite of testing facilities supporting TDD, BDD, mocking, and benchmarking</pre></p><p><b>License:</b><pre class="indent">MIT.freeze</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/specifications/minitest-5.15.0.gemspec<br/><b>MD5:</b> f0f08b18761989e9417f1011e7a6978a<br/><b>SHA1:</b> 411abb0b6d5e1b76f8adfcc16b90495a2d284767<br/><b>SHA256:</b>ff830ba41c62467ec98d73a0292a6b2b82bb23be52ba427088585f103d203d68</p><h4 id="header116" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content116" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>minitest</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Ryan Davis.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>ryand-ruby@zenspider.com.freeze</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/seattlerb/minitest</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>MIT.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>name_project</td><td>minitest_project</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>minitest</td><td>High</td></tr><tr><td>Product</td><td>gemspec</td><td>name</td><td>minitest</td><td>Highest</td></tr><tr><td>Product</td><td>gemspec</td><td>summary</td><td>minitest provides a complete suite of testing facilities supporting TDD, BDD, mocking, and benchmarking</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>5.15.0</td><td>High</td></tr><tr><td>Version</td><td>gemspec</td><td>version</td><td>5.15.0</td><td>Highest</td></tr></table></div><h4 id="header117" class="subsectionheader white">Identifiers</h4><div id="content117" class="subsectioncontent standardsubsection"><ul><li>pkg:gem/minitest@5.15.0 (<i>Confidence</i>:Highest)</li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l57_2071a9b16d87c9f0857c5fe0a2c17b35de771177"></a>net-ftp:0.1.3</h3><div class="subsectioncontent"><p><b>Description:</b><pre>Support for the File Transfer Protocol.</pre></p><p><b>License:</b><pre class="indent">Ruby.freeze, BSD-2-Clause.freeze</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/specifications/net-ftp-0.1.3.gemspec<br/><b>MD5:</b> ddc46823a5bbd5ec73faad55ab490b5d<br/><b>SHA1:</b> 2071a9b16d87c9f0857c5fe0a2c17b35de771177<br/><b>SHA256:</b>e8f01185572df08b7e048ea403a96835da0adb7d08c5d78c4cc771a3ab72474b</p><h4 id="header118" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content118" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-ftp</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Shugo Maeda</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Shugo Maeda.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>shugo@ruby-lang.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>shugo@ruby-lang.org.freeze</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-ftp</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby, BSD-2-Clause</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby.freeze, BSD-2-Clause.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>name_project</td><td>net-ftp_project</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-ftp</td><td>High</td></tr><tr><td>Product</td><td>gemspec</td><td>name</td><td>net-ftp</td><td>Highest</td></tr><tr><td>Product</td><td>gemspec</td><td>summary</td><td>Support for the File Transfer Protocol.</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>0.1.3</td><td>High</td></tr><tr><td>Version</td><td>gemspec</td><td>version</td><td>0.1.3</td><td>Highest</td></tr></table></div><h4 id="header119" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content119" class="subsectioncontent standardsubsection hidden"><ul><li>jruby-complete-9.4.0.0.jar: net-ftp.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/gems/net-ftp-0.1.3/net-ftp.gemspec</li><li>MD5: 3176af33ea114ab360a4cc725d5a9599</li><li>SHA1: c2d2e3641b78a3d1ffa46cc6b1cf462da28d7d51</li><li>SHA256: f617b872ff932fa91e34b782875152f66e45d829bc052a105022731fe5cdc3c8</li><li>gem:null</li></ul></li></ul></div><h4 id="header120" class="subsectionheader white">Identifiers</h4><div id="content120" class="subsectioncontent standardsubsection"><ul><li>pkg:gem/net-ftp@0.1.3 (<i>Confidence</i>:Highest)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aftp&cpe_product=cpe%3A%2F%3Aftp%3Aftp&cpe_version=cpe%3A%2F%3Aftp%3Aftp%3A0.1.3" target="_blank">cpe:2.3:a:ftp:ftp:0.1.3:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="net-ftp:0.1.3" data-sha1="2071a9b16d87c9f0857c5fe0a2c17b35de771177" data-pkgurl="pkg:gem/net-ftp@0.1.3" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:ftp:ftp">suppress</button></li></ul></div><h4 id="header121" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content121" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0082">CVE-1999-0082</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-ftp:0.1.3" data-sha1="2071a9b16d87c9f0857c5fe0a2c17b35de771177" data-pkgurl="pkg:gem/net-ftp@0.1.3" data-type-to-suppress="cve" data-id-to-suppress="CVE-1999-0082">suppress</button></p><p><pre>CWD ~root command in ftpd allows root access.</pre>NVD-CWE-Other<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (10.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C</li></ul><br/>References:<ul><li>FARMERVENEMA - <a target="_blank" href="http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html">Improving the Security of Your Site by Breaking Into it</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs25">show all</a>)<ul><li class="vs25"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aftp%3Aftp">cpe:2.3:a:ftp:ftp:*:*:*:*:*:*:*:*</a></li><li class="vs25">...</li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aftp%3Aftp">cpe:2.3:a:ftp:ftp:*:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aftpcd%3Aftpcd">cpe:2.3:a:ftpcd:ftpcd:*:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0201">CVE-1999-0201</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-ftp:0.1.3" data-sha1="2071a9b16d87c9f0857c5fe0a2c17b35de771177" data-pkgurl="pkg:gem/net-ftp@0.1.3" data-type-to-suppress="cve" data-id-to-suppress="CVE-1999-0201">suppress</button></p><p><pre>A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.</pre>NVD-CWE-Other<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.4)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N</li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs26"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aftp%3Aftp">cpe:2.3:a:ftp:ftp:*:*:*:*:*:*:*:*</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection"><a name="l58_5d4f5c06a92f8c911448081e329034a23642798e"></a>net-imap:0.2.2</h3><div class="subsectioncontent"><p><b>Description:</b><pre>Ruby client api for Internet Message Access Protocol</pre></p><p><b>License:</b><pre class="indent">Ruby.freeze, BSD-2-Clause.freeze</pre><b>File Path:</b> /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/specifications/net-imap-0.2.2.gemspec<br/><b>MD5:</b> 680f272199f541f80e58499d29edca52<br/><b>SHA1:</b> 5d4f5c06a92f8c911448081e329034a23642798e<br/><b>SHA256:</b>f50cd8971a996d8c625b7ee7f5f9a979f861321a9cf322aee8fb933106c08b90</p><h4 id="header122" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content122" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>net-imap</td><td>High</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Shugo Maeda</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>author</td><td>Shugo Maeda.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>shugo@ruby-lang.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>email</td><td>shugo@ruby-lang.org.freeze</td><td>Medium</td></tr><tr><td>Vendor</td><td>gemspec</td><td>homepage</td><td>https://github.com/ruby/net-imap</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby, BSD-2-Clause</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>license</td><td>Ruby.freeze, BSD-2-Clause.freeze</td><td>Highest</td></tr><tr><td>Vendor</td><td>gemspec</td><td>name_project</td><td>net-imap_project</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>net-imap</td><td>High</td></tr><tr><td>Product</td><td>gemspec</td><td>name</td><td>net-imap</td><td>Highest</td></tr><tr><td>Product</td><td>gemspec</td><td>summary</td><td>Ruby client api for Internet Message Access Protocol</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>0.2.2</td><td>High</td></tr><tr><td>Version</td><td>gemspec</td><td>version</td><td>0.2.2</td><td>Highest</td></tr></table></div><h4 id="header123" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content123" class="subsectioncontent standardsubsection hidden"><ul><li>jruby-complete-9.4.0.0.jar: net-imap.gemspec<ul><li>File Path: /fossproxy/app/media/scan_files/jruby-complete-9.4.0.0.jar/META-INF/jruby.home/lib/ruby/gems/shared/gems/net-imap-0.2.2/net-imap.gemspec</li><li>MD5: 6a427db622750d35dd5bc8b051148b20</li><li>SHA1: f25eba6dd88e6fae15a67a67af574d98e0ecf930</li><li>SHA256: fa6669e06dbda6512462c4b7ea53ccea3eafcfe58f29231acca75db31c208a63</li><li>gem:null</li></ul></li></ul></div><h4 id="header124" class="subsectionheader white">Identifiers</h4><div id="content124" class="subsectioncontent standardsubsection"><ul><li>pkg:gem/net-imap@0.2.2 (<i>Confidence</i>:Highest)</li><li>cpe:2.3:a:ruby-lang:ruby:0.2.2:*:*:*:*:*:*:* (<i>Confidence</i>:Low) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:ruby-lang:ruby">suppress</button></li></ul></div><h4 id="header125" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content125" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14064">CVE-2017-14064</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-14064">suppress</button></p><p><pre>Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.</pre>CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/100890">100890</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/">https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/">https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2017/dsa-3966">DSA-3966</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201710-18">GLSA-201710-18</a></li><li>MISC - <a target="_blank" href="https://bugs.ruby-lang.org/issues/13853">https://bugs.ruby-lang.org/issues/13853</a></li><li>MISC - <a target="_blank" href="https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85">https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/209949">https://hackerone.com/reports/209949</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html">[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:3485">RHSA-2017:3485</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0378">RHSA-2018:0378</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0583">RHSA-2018:0583</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0585">RHSA-2018:0585</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1039363">1039363</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1042004">1042004</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/3685-1/">USN-3685-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs27">show all</a>)<ul><li class="vs27"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.2.7</a></li><li class="vs27">...</li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.2.7</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0">cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0%3Apreview2">cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.1">cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.2">cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.3">cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.4">cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0">cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview2">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview3">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Arc1">cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*</a></li><li class="vs27 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.1">cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9224">CVE-2017-9224</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9224">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.</pre>CWE-125 Out-of-bounds Read<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/101244">101244</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b">https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/57">https://github.com/kkos/oniguruma/issues/57</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:1296">RHSA-2018:1296</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs28">show all</a>)<ul><li class="vs28"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs28">...</li><li class="vs28 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs28 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs28 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9225">CVE-2017-9225</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9225">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.</pre>CWE-787 Out-of-bounds Write<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f">https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/56">https://github.com/kkos/oniguruma/issues/56</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs29">show all</a>)<ul><li class="vs29"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs29">...</li><li class="vs29 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs29 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs29 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9226">CVE-2017-9226</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9226">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.</pre>CWE-787 Out-of-bounds Write<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/101244">101244</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a">https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6">https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/55">https://github.com/kkos/oniguruma/issues/55</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:1296">RHSA-2018:1296</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs30">show all</a>)<ul><li class="vs30"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs30">...</li><li class="vs30 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs30 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs30 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9227">CVE-2017-9227</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9227">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.</pre>CWE-125 Out-of-bounds Read<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/100538">100538</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814">https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/58">https://github.com/kkos/oniguruma/issues/58</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:1296">RHSA-2018:1296</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs31">show all</a>)<ul><li class="vs31"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs31">...</li><li class="vs31 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs31 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs31 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9228">CVE-2017-9228</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9228">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.</pre>CWE-787 Out-of-bounds Write<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b">https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/60">https://github.com/kkos/oniguruma/issues/60</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:1296">RHSA-2018:1296</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs32">show all</a>)<ul><li class="vs32"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs32">...</li><li class="vs32 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs32 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs32 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8780">CVE-2018-8780</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2018-8780">suppress</button></p><p><pre>In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.</pre>CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.1)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/103739">103739</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/">https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/">https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/">https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/">https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/">https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2018/dsa-4259">DSA-4259</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html">[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html">[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html">[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:3729">RHSA-2018:3729</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:3730">RHSA-2018:3730</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:3731">RHSA-2018:3731</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2028">RHSA-2019:2028</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0542">RHSA-2020:0542</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0591">RHSA-2020:0591</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0663">RHSA-2020:0663</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1042004">1042004</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html">openSUSE-SU-2019:1771</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/3626-1/">USN-3626-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs33">show all</a>)<ul><li class="vs33"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.10</a></li><li class="vs33">...</li><li class="vs33 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.10</a></li><li class="vs33 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.3.0; versions up to (excluding) 2.3.7</a></li><li class="vs33 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (excluding) 2.4.4</a></li><li class="vs33 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.5.0; versions up to (excluding) 2.5.1</a></li><li class="vs33 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.6.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2662">CVE-2008-2662</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-2662">suppress</button></p><p><pre>Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.</pre>CWE-189 Numeric Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (10.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html">APPLE-SA-2008-06-30</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/29903">29903</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/493688/100/0/threaded">20080626 rPSA-2008-0206-1 ruby</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT2163">http://support.apple.com/kb/HT2163</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>CONFIRM - <a target="_blank" href="https://issues.rpath.com/browse/RPL-2626">https://issues.rpath.com/browse/RPL-2626</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1612">DSA-1612</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1618">DSA-1618</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:142">MDVSA-2008:142</a></li><li>MISC - <a target="_blank" href="http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/">http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/</a></li><li>MISC - <a target="_blank" href="http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities">http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/</a></li><li>MISC - <a target="_blank" href="http://www.ruby-forum.com/topic/157034">http://www.ruby-forum.com/topic/157034</a></li><li>MISC - <a target="_blank" href="http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html">http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html</a></li><li>MISC - <a target="_blank" href="http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html">http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601">oval:org.mitre.oval:def:11601</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0561.html">RHSA-2008:0561</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020347">1020347</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30802">30802</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30867">30867</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30875">30875</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30894">30894</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31062">31062</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31181">31181</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31256">31256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562">SSA:2008-179-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/usn-621-1">USN-621-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1907/references">ADV-2008-1907</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1981/references">ADV-2008-1981</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/43345">ruby-rbstrbufappend-code-execution(43345)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs34">show all</a>)<ul><li class="vs34"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs34">...</li><li class="vs34 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs34 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (excluding) 1.8.5; versions up to (excluding) 1.8.5.231</a></li><li class="vs34 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.6; versions up to (excluding) 1.8.6.230</a></li><li class="vs34 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.7; versions up to (excluding) 1.8.7.22</a></li><li class="vs34 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.9.0; versions up to (excluding) 1.9.0.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2663">CVE-2008-2663</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-2663">suppress</button></p><p><pre>Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.</pre>CWE-190 Integer Overflow or Wraparound<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (10.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html">APPLE-SA-2008-06-30</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/29903">29903</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/493688/100/0/threaded">20080626 rPSA-2008-0206-1 ruby</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT2163">http://support.apple.com/kb/HT2163</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>CONFIRM - <a target="_blank" href="https://issues.rpath.com/browse/RPL-2626">https://issues.rpath.com/browse/RPL-2626</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1612">DSA-1612</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1618">DSA-1618</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:142">MDVSA-2008:142</a></li><li>MISC - <a target="_blank" href="http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/">http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/</a></li><li>MISC - <a target="_blank" href="http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities">http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/</a></li><li>MISC - <a target="_blank" href="http://www.ruby-forum.com/topic/157034">http://www.ruby-forum.com/topic/157034</a></li><li>MISC - <a target="_blank" href="http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html">http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html</a></li><li>MISC - <a target="_blank" href="http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html">http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524">oval:org.mitre.oval:def:10524</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0561.html">RHSA-2008:0561</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020347">1020347</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30802">30802</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30867">30867</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30875">30875</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30894">30894</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31062">31062</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31090">31090</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31181">31181</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31256">31256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562">SSA:2008-179-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/usn-621-1">USN-621-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1907/references">ADV-2008-1907</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1981/references">ADV-2008-1981</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/43346">ruby-rbarystore-code-execution(43346)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs35">show all</a>)<ul><li class="vs35"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs35">...</li><li class="vs35 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs35 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (excluding) 1.8.5; versions up to (excluding) 1.8.5.231</a></li><li class="vs35 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.6; versions up to (excluding) 1.8.6.230</a></li><li class="vs35 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.7; versions up to (excluding) 1.8.7.22</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10784">CVE-2017-10784</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-10784">suppress</button></p><p><pre>The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.</pre>CWE-287 Improper Authentication<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (9.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.8)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/100853">100853</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/">https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/">https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/">https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2017/dsa-4031">DSA-4031</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/201710-18">GLSA-201710-18</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html">[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2017:3485">RHSA-2017:3485</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0378">RHSA-2018:0378</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0583">RHSA-2018:0583</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0585">RHSA-2018:0585</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1039363">1039363</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1042004">1042004</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/3528-1/">USN-3528-1</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/3685-1/">USN-3685-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs36">show all</a>)<ul><li class="vs36"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.2.7</a></li><li class="vs36">...</li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.2.7</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0">cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.0%3Apreview2">cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.1">cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.2">cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.3">cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.3.4">cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0">cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview2">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Apreview3">cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.0%3Arc1">cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*</a></li><li class="vs36 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.4.1">cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7551">CVE-2015-7551</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2015-7551">suppress</button></p><p><pre>The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.6)</li><li>Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.4)</li><li>Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html">APPLE-SA-2016-03-21-5</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/76060">76060</a></li><li>CONFIRM - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344</a></li><li>CONFIRM - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html">http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a">https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a</a></li><li>CONFIRM - <a target="_blank" href="https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html">https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html</a></li><li>CONFIRM - <a target="_blank" href="https://puppet.com/security/cve/ruby-dec-2015-security-fixes">https://puppet.com/security/cve/ruby-dec-2015-security-fixes</a></li><li>CONFIRM - <a target="_blank" href="https://support.apple.com/HT206167">https://support.apple.com/HT206167</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/">https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:0583">RHSA-2018:0583</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs37">show all</a>)<ul><li class="vs37"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.0.0-p647</a></li><li class="vs37">...</li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.0.0-p647</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.0">cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.1">cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.2">cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.3">cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.4">cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.5">cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.6">cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.1.7">cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.2.0">cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.2.1">cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.2.2">cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*</a></li><li class="vs37 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.2.3">cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2664">CVE-2008-2664</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-2664">suppress</button></p><p><pre>The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html">APPLE-SA-2008-06-30</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/29903">29903</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/493688/100/0/threaded">20080626 rPSA-2008-0206-1 ruby</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT2163">http://support.apple.com/kb/HT2163</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>CONFIRM - <a target="_blank" href="https://issues.rpath.com/browse/RPL-2626">https://issues.rpath.com/browse/RPL-2626</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1612">DSA-1612</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1618">DSA-1618</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:142">MDVSA-2008:142</a></li><li>MISC - <a target="_blank" href="http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/">http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/</a></li><li>MISC - <a target="_blank" href="http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities">http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/</a></li><li>MISC - <a target="_blank" href="http://www.ruby-forum.com/topic/157034">http://www.ruby-forum.com/topic/157034</a></li><li>MISC - <a target="_blank" href="http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html">http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html</a></li><li>MISC - <a target="_blank" href="http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html">http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646">oval:org.mitre.oval:def:9646</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0561.html">RHSA-2008:0561</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020347">1020347</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30802">30802</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30867">30867</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30875">30875</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30894">30894</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31062">31062</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31090">31090</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31181">31181</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31256">31256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562">SSA:2008-179-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/usn-621-1">USN-621-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1907/references">ADV-2008-1907</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1981/references">ADV-2008-1981</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/43348">ruby-rbstrformat-code-execution(43348)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs38">show all</a>)<ul><li class="vs38"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs38">...</li><li class="vs38 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs38 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (excluding) 1.8.5; versions up to (excluding) 1.8.5.231</a></li><li class="vs38 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.6; versions up to (excluding) 1.8.6.230</a></li><li class="vs38 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.7; versions up to (excluding) 1.8.7.22</a></li><li class="vs38 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.9.0; versions up to (excluding) 1.9.0.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2725">CVE-2008-2725</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-2725">suppress</button></p><p><pre>Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.</pre>CWE-189 Numeric Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html">APPLE-SA-2008-06-30</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/29903">29903</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/493688/100/0/threaded">20080626 rPSA-2008-0206-1 ruby</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT2163">http://support.apple.com/kb/HT2163</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>CONFIRM - <a target="_blank" href="https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657">https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657</a></li><li>CONFIRM - <a target="_blank" href="https://issues.rpath.com/browse/RPL-2626">https://issues.rpath.com/browse/RPL-2626</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1612">DSA-1612</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1618">DSA-1618</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:142">MDVSA-2008:142</a></li><li>MISC - <a target="_blank" href="http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/">http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/</a></li><li>MISC - <a target="_blank" href="http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities">http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/</a></li><li>MISC - <a target="_blank" href="http://www.ruby-forum.com/topic/157034">http://www.ruby-forum.com/topic/157034</a></li><li>MISC - <a target="_blank" href="http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html">http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html</a></li><li>MISC - <a target="_blank" href="http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html">http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html</a></li><li>MISC - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727</a></li><li>MLIST - <a target="_blank" href="http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html">[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606">oval:org.mitre.oval:def:9606</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0561.html">RHSA-2008:0561</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020347">1020347</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30802">30802</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30867">30867</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30875">30875</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30894">30894</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31062">31062</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31090">31090</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31181">31181</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31256">31256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562">SSA:2008-179-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/usn-621-1">USN-621-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1907/references">ADV-2008-1907</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1981/references">ADV-2008-1981</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/43350">ruby-rbarysplice-code-execution(43350)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs39">show all</a>)<ul><li class="vs39"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs39">...</li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.5; versions up to (excluding) 1.8.5.231</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.6; versions up to (excluding) 1.8.6.230</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.7; versions up to (excluding) 1.8.7.22</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2726">CVE-2008-2726</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-2726">suppress</button></p><p><pre>Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.</pre>CWE-189 Numeric Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html">APPLE-SA-2008-06-30</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/29903">29903</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/493688/100/0/threaded">20080626 rPSA-2008-0206-1 ruby</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT2163">http://support.apple.com/kb/HT2163</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>CONFIRM - <a target="_blank" href="https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657">https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657</a></li><li>CONFIRM - <a target="_blank" href="https://issues.rpath.com/browse/RPL-2626">https://issues.rpath.com/browse/RPL-2626</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1612">DSA-1612</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1618">DSA-1618</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:142">MDVSA-2008:142</a></li><li>MISC - <a target="_blank" href="http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/">http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/</a></li><li>MISC - <a target="_blank" href="http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities">http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/</a></li><li>MISC - <a target="_blank" href="http://www.ruby-forum.com/topic/157034">http://www.ruby-forum.com/topic/157034</a></li><li>MISC - <a target="_blank" href="http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html">http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html</a></li><li>MISC - <a target="_blank" href="http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html">http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html</a></li><li>MLIST - <a target="_blank" href="http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html">[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959">oval:org.mitre.oval:def:9959</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0561.html">RHSA-2008:0561</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020347">1020347</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30802">30802</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30867">30867</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30875">30875</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30894">30894</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31062">31062</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31090">31090</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31181">31181</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31256">31256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562">SSA:2008-179-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/usn-621-1">USN-621-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1907/references">ADV-2008-1907</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1981/references">ADV-2008-1981</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/43351">ruby-rbarysplice-begrlen-code-execution(43351)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs40">show all</a>)<ul><li class="vs40"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs40">...</li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.4</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.5; versions up to (excluding) 1.8.5.231</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.6; versions up to (excluding) 1.8.6.230</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.8.7; versions up to (excluding) 1.8.7.22</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 1.9.0; versions up to (excluding) 1.9.0.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3656">CVE-2008-3656</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-3656">suppress</button></p><p><pre>Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2009/May/msg00002.html">APPLE-SA-2009-05-12</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/30644">30644</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/495884/100/0/threaded">20080831 rPSA-2008-0264-1 ruby</a></li><li>CERT - <a target="_blank" href="http://www.us-cert.gov/cas/techalerts/TA09-133A.html">TA09-133A</a></li><li>CONFIRM - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT3549">http://support.apple.com/kb/HT3549</a></li><li>CONFIRM - <a target="_blank" href="http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm">http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/">http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1651">DSA-1651</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1652">DSA-1652</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html">FEDORA-2008-8736</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html">FEDORA-2008-8738</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682">oval:org.mitre.oval:def:9682</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0897.html">RHSA-2008:0897</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020654">1020654</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31430">31430</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31697">31697</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32165">32165</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32219">32219</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32255">32255</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32256">32256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32371">32371</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/35074">35074</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/651-1/">USN-651-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/2334">ADV-2008-2334</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2009/1297">ADV-2009-1297</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44371">ruby-webrick-dos(44371)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs41">show all</a>)<ul><li class="vs41"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs41">...</li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.6.8">cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.0">cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1">cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1%3A-9">cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2">cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3">cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4">cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap11">cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap113">cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap115">cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap12">cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap2">cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap35">cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview5">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6">cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap110">cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap114">cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7">cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap17">cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap71">cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0">cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4815">CVE-2011-4815</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-4815">suppress</button></p><p><pre>Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.8)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2012/May/msg00001.html">APPLE-SA-2012-05-09-1</a></li><li>BUGTRAQ - <a target="_blank" href="http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html">20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table</a></li><li>CERT-VN - <a target="_blank" href="http://www.kb.cert.org/vuls/id/903934">VU#903934</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT5281">http://support.apple.com/kb/HT5281</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/">http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/</a></li><li>JVN - <a target="_blank" href="http://jvn.jp/en/jp/JVN90615481/index.html">JVN#90615481</a></li><li>JVNDB - <a target="_blank" href="http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html">JVNDB-2012-000066</a></li><li>MISC - <a target="_blank" href="http://www.nruns.com/_downloads/advisory28122011.pdf">http://www.nruns.com/_downloads/advisory28122011.pdf</a></li><li>MISC - <a target="_blank" href="http://www.ocert.org/advisories/ocert-2011-003.html">http://www.ocert.org/advisories/ocert-2011-003.html</a></li><li>MLIST - <a target="_blank" href="http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606">[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-0069.html">RHSA-2012:0069</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-0070.html">RHSA-2012:0070</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1026474">1026474</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/47405">47405</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/47822">47822</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72020">ruby-hash-dos(72020)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs42">show all</a>)<ul><li class="vs42"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-p352</a></li><li class="vs42">...</li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-p352</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p299">cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p302">cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p330">cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p334">cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3655">CVE-2008-3655</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-3655">suppress</button></p><p><pre>Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.</pre>CWE-264 Permissions, Privileges, and Access Controls<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2009/May/msg00002.html">APPLE-SA-2009-05-12</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/30644">30644</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/495884/100/0/threaded">20080831 rPSA-2008-0264-1 ruby</a></li><li>CERT - <a target="_blank" href="http://www.us-cert.gov/cas/techalerts/TA09-133A.html">TA09-133A</a></li><li>CONFIRM - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT3549">http://support.apple.com/kb/HT3549</a></li><li>CONFIRM - <a target="_blank" href="http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm">http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/">http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1651">DSA-1651</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1652">DSA-1652</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html">FEDORA-2008-8736</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html">FEDORA-2008-8738</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602">oval:org.mitre.oval:def:11602</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0895.html">RHSA-2008:0895</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0897.html">RHSA-2008:0897</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020656">1020656</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31430">31430</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31697">31697</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32165">32165</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32219">32219</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32255">32255</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32256">32256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32371">32371</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32372">32372</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/35074">35074</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/651-1/">USN-651-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/2334">ADV-2008-2334</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2009/1297">ADV-2009-1297</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44369">ruby-safelevel-security-bypass(44369)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs43">show all</a>)<ul><li class="vs43"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs43">...</li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.6.8">cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.0">cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1">cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1%3A-9">cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2">cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3">cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4">cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap11">cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap113">cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap115">cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap12">cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap2">cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap35">cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview5">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6">cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap110">cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap111">cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap114">cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap230">cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap286">cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap36">cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7">cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap17">cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap71">cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0">cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3657">CVE-2008-3657</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-3657">suppress</button></p><p><pre>The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2009/May/msg00002.html">APPLE-SA-2009-05-12</a></li><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/30644">30644</a></li><li>BUGTRAQ - <a target="_blank" href="http://www.securityfocus.com/archive/1/495884/100/0/threaded">20080831 rPSA-2008-0264-1 ruby</a></li><li>CERT - <a target="_blank" href="http://www.us-cert.gov/cas/techalerts/TA09-133A.html">TA09-133A</a></li><li>CONFIRM - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT3549">http://support.apple.com/kb/HT3549</a></li><li>CONFIRM - <a target="_blank" href="http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm">http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm</a></li><li>CONFIRM - <a target="_blank" href="http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264">http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/">http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1651">DSA-1651</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1652">DSA-1652</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html">FEDORA-2008-8736</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html">FEDORA-2008-8738</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793">oval:org.mitre.oval:def:9793</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0897.html">RHSA-2008:0897</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1020652">1020652</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31430">31430</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31697">31697</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32165">32165</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32219">32219</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32255">32255</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32256">32256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32371">32371</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/35074">35074</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/651-1/">USN-651-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/2334">ADV-2008-2334</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2009/1297">ADV-2009-1297</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44372">ruby-dl-security-bypass(44372)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs44">show all</a>)<ul><li class="vs44"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs44">...</li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.6.8">cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.0">cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1">cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1%3A-9">cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2">cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3">cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4">cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap11">cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap113">cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap115">cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap12">cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap2">cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Ap35">cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5%3Apreview5">cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6">cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap110">cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap114">cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7">cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap17">cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap71">cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0">cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6438">CVE-2014-6438</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2014-6438">suppress</button></p><p><pre>The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.</pre>CWE-399 Resource Management Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/ruby/www.ruby-lang.org/issues/817">https://github.com/ruby/www.ruby-lang.org/issues/817</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/">https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2015/07/13/6">[oss-security] 20150713 Re: Retroactive CVE request for Ruby 1.9.2-p330</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1032874">1032874</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs45"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.9.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9229">CVE-2017-9229</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2017-9229">suppress</button></p><p><pre>An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.</pre>CWE-476 NULL Pointer Dereference<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d">https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/kkos/oniguruma/issues/59">https://github.com/kkos/oniguruma/issues/59</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2018:1296">RHSA-2018:1296</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs46">show all</a>)<ul><li class="vs46"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li><li class="vs46">...</li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoniguruma_project%3Aoniguruma%3A6.2.0">cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*</a></li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aphp%3Aphp%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 7.1.5</a></li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3A%3A%7E%7E%7Eoniguruma-mod%7E%7E">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:* versions up to (including) 2.4.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25613">CVE-2020-25613</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2020-25613">suppress</button></p><p><pre>An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.</pre>CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7">https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20210115-0008/">https://security.netapp.com/advisory/ntap-20210115-0008/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/">https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/">FEDORA-2020-02ca18c2a0</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/">FEDORA-2020-fe2a7d7390</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/965267">https://hackerone.com/reports/965267</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs47">show all</a>)<ul><li class="vs47"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.5.8</a></li><li class="vs47">...</li><li class="vs47 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.5.8</a></li><li class="vs47 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.6</a></li><li class="vs47 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.7.1</a></li><li class="vs47 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Awebrick%3A%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:ruby-lang:webrick:*:*:*:*:*:ruby:*:* versions up to (including) 1.6.0</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5247">CVE-2020-5247</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2020-5247">suppress</button></p><p><pre>In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.</pre>CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v">https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/">FEDORA-2020-08092b4c97</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/">FEDORA-2020-a3f26a9387</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/">FEDORA-2020-fd87f90634</a></li><li>MISC - <a target="_blank" href="https://owasp.org/www-community/attacks/HTTP_Response_Splitting">https://owasp.org/www-community/attacks/HTTP_Response_Splitting</a></li><li>MISC - <a target="_blank" href="https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254">https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs48">show all</a>)<ul><li class="vs48"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.3.0</a></li><li class="vs48">...</li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apuma%3Apuma%3A%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:* versions up to (including) 3.12.3</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apuma%3Apuma%3A%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:* versions from (including) 4.0.0; versions up to (including) 4.3.2</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.3.0</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.4.7</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.5.0; versions up to (including) 2.5.6</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.4</a></li><li class="vs48 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.7.0%3Apreview1">cpe:2.3:a:ruby-lang:ruby:2.7.0:preview1:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28965">CVE-2021-28965</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2021-28965">suppress</button></p><p><pre>The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.</pre>CWE-611 Improper Restriction of XML External Entity Reference ('XXE')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20210528-0003/">https://security.netapp.com/advisory/ntap-20210528-0003/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/">FEDORA-2021-7b8b65bc7a</a></li><li>MISC - <a target="_blank" href="https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/">https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs49">show all</a>)<ul><li class="vs49"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.7</a></li><li class="vs49">...</li><li class="vs49 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Arexml%3A%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:* versions up to (excluding) 3.2.5</a></li><li class="vs49 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.7</a></li><li class="vs49 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.3</a></li><li class="vs49 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.0.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28966">CVE-2021-28966</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2021-28966">suppress</button></p><p><pre>In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.</pre>CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20210902-0004/">https://security.netapp.com/advisory/ntap-20210902-0004/</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/1131465">https://hackerone.com/reports/1131465</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs50"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 3.0</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41819">CVE-2021-41819</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2021-41819">suppress</button></p><p><pre>CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.</pre>CWE-565 Reliance on Cookies without Validation and Integrity Checking<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20220121-0003/">https://security.netapp.com/advisory/ntap-20220121-0003/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/">https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/">FEDORA-2022-82a9edac27</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/">FEDORA-2022-8cf0124add</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/910552">https://hackerone.com/reports/910552</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs51">show all</a>)<ul><li class="vs51"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.6.8</a></li><li class="vs51">...</li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aopensuse%3Afactory%3A-">cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Asoftware_collections%3A-">cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Acgi%3A0.1.0%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:ruby-lang:cgi:0.1.0:*:*:*:*:ruby:*:*</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Acgi%3A0.2.0%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:ruby-lang:cgi:0.2.0:*:*:*:*:ruby:*:*</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Acgi%3A0.3.0%3A%3A%7E%7E%7Eruby%7E%7E">cpe:2.3:a:ruby-lang:cgi:0.3.0:*:*:*:*:ruby:*:*</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.6.8</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.5</a></li><li class="vs51 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.0.3</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28739">CVE-2022-28739</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2022-28739">suppress</button></p><p><pre>There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.</pre>CWE-125 Out-of-bounds Read<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/">https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/1248108">https://hackerone.com/reports/1248108</a></li><li>MISC - <a target="_blank" href="https://security-tracker.debian.org/tracker/CVE-2022-28739">https://security-tracker.debian.org/tracker/CVE-2022-28739</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs52">show all</a>)<ul><li class="vs52"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.10</a></li><li class="vs52">...</li><li class="vs52 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.10</a></li><li class="vs52 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.6</a></li><li class="vs52 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.0.4</a></li><li class="vs52 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 3.1.0; versions up to (excluding) 3.1.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0188">CVE-2011-0188</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-0188">suppress</button></p><p><pre>The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."</pre>CWE-189 Numeric Errors<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul><br/>References:<ul><li>APPLE - <a target="_blank" href="http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html">APPLE-SA-2011-03-21-1</a></li><li>CONFIRM - <a target="_blank" href="http://support.apple.com/kb/HT4581">http://support.apple.com/kb/HT4581</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=682332">https://bugzilla.redhat.com/show_bug.cgi?id=682332</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2011:097">MDVSA-2011:097</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2011:098">MDVSA-2011:098</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2011-0908.html">RHSA-2011:0908</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2011-0909.html">RHSA-2011:0909</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2011-0910.html">RHSA-2011:0910</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id?1025236">1025236</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs53">show all</a>)<ul><li class="vs53"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.9.2-p136</a></li><li class="vs53">...</li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.9.2-p136</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9">cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9%3Ar18423">cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0">cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0%3Ar18423">cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-0">cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-1">cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-2">cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-20060415">cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-20070709">cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1">cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p0">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p129">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p243">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p376">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p429">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-preview_1">cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-preview_2">cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-rc1">cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-rc2">cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2">cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*</a></li><li class="vs53 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2%3Adev">cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9096">CVE-2015-9096</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2015-9096">suppress</button></p><p><pre>Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.</pre>CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2017/dsa-3966">DSA-3966</a></li><li>MISC - <a target="_blank" href="http://www.mbsd.jp/Whitepaper/smtpi.pdf">http://www.mbsd.jp/Whitepaper/smtpi.pdf</a></li><li>MISC - <a target="_blank" href="https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee">https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee</a></li><li>MISC - <a target="_blank" href="https://github.com/rubysec/ruby-advisory-db/issues/215">https://github.com/rubysec/ruby-advisory-db/issues/215</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/137631">https://hackerone.com/reports/137631</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html">[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs54"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Arc1">cpe:2.3:a:ruby-lang:ruby:*:rc1:*:*:*:*:*:* versions up to (including) 2.4.0</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3905">CVE-2008-3905</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-3905">suppress</button></p><p><pre>resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.</pre>CWE-287 Improper Authentication<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/31699">31699</a></li><li>CONFIRM - <a target="_blank" href="http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm">http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/">http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1651">DSA-1651</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2008/dsa-1652">DSA-1652</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html">FEDORA-2008-8736</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html">FEDORA-2008-8738</a></li><li>GENTOO - <a target="_blank" href="http://security.gentoo.org/glsa/glsa-200812-17.xml">GLSA-200812-17</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2008/09/03/3">[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2008/09/04/9">[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability</a></li><li>OVAL - <a target="_blank" href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034">oval:org.mitre.oval:def:10034</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2008-0897.html">RHSA-2008:0897</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31430">31430</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32165">32165</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32219">32219</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32255">32255</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32256">32256</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32371">32371</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/32948">32948</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/33178">33178</a></li><li>SLACKWARE - <a target="_blank" href="http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754">SSA:2008-334-01</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/651-1/">USN-651-1</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/2334">ADV-2008-2334</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/45935">ruby-resolv-dns-spoofing(45935)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs55">show all</a>)<ul><li class="vs55"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs55">...</li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.5</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap286">cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:* versions up to (including) 1.8.6</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap71">cpe:2.3:a:ruby-lang:ruby:*:p71:*:*:*:*:*:* versions up to (including) 1.8.7</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ar18423">cpe:2.3:a:ruby-lang:ruby:*:r18423:*:*:*:*:*:* versions up to (including) 1.9</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.6">cpe:2.3:a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.6.8">cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.0">cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.1">cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.2">cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.3">cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.4">cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6">cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap110">cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap111">cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap114">cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap230">cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap36">cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7">cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap17">cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview1">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview2">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview3">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*</a></li><li class="vs55 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Apreview4">cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31810">CVE-2021-31810</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2021-31810">suppress</button></p><p><pre>An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).</pre>CWE-668 Exposure of Resource to Wrong Sphere<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.8)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20210917-0001/">https://security.netapp.com/advisory/ntap-20210917-0001/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/">FEDORA-2021-36cdab1f8d</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/1145454">https://hackerone.com/reports/1145454</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a></li><li>MISC - <a target="_blank" href="https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/">https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html">[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs56">show all</a>)<ul><li class="vs56"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.6.7</a></li><li class="vs56">...</li><li class="vs56 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Ajd_edwards_enterpriseone_tools">cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.6.1</a></li><li class="vs56 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.6.7</a></li><li class="vs56 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.7.3</a></li><li class="vs56 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.0.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16254">CVE-2019-16254</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2019-16254">suppress</button></p><p><pre>Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.</pre>CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.3)</li><li>Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/32">20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/31">20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/">https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/">https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/">https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/</a></li><li>CONFIRM - <a target="_blank" href="https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/">https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4586">DSA-4586</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4587">DSA-4587</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/202003-06">GLSA-202003-06</a></li><li>MISC - <a target="_blank" href="https://hackerone.com/reports/331984">https://hackerone.com/reports/331984</a></li><li>MISC - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html">https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html">[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html">[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html">openSUSE-SU-2020:0395</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs57">show all</a>)<ul><li class="vs57"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.3.0</a></li><li class="vs57">...</li><li class="vs57 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 2.3.0</a></li><li class="vs57 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.4.7</a></li><li class="vs57 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.5.0; versions up to (including) 2.5.6</a></li><li class="vs57 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.4</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1891">CVE-2008-1891</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2008-1891">suppress</button></p><p><pre>Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.</pre>CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/">http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</a></li><li>FEDORA - <a target="_blank" href="https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html">FEDORA-2008-5649</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:140">MDVSA-2008:140</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:141">MDVSA-2008:141</a></li><li>MISC - <a target="_blank" href="http://aluigi.altervista.org/adv/webrickcgi-adv.txt">http://aluigi.altervista.org/adv/webrickcgi-adv.txt</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/29794">29794</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/30831">30831</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/31687">31687</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html">SUSE-SR:2008:017</a></li><li>VUPEN - <a target="_blank" href="http://www.vupen.com/english/advisories/2008/1245/references">ADV-2008-1245</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/41824">ruby-webrick-cgi-info-disclosure(41824)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs58">show all</a>)<ul><li class="vs58"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.9.0</a></li><li class="vs58">...</li><li class="vs58 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.9.0</a></li><li class="vs58 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.5">cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*</a></li><li class="vs58 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6">cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2686">CVE-2011-2686</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-2686">suppress</button></p><p><pre>Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/49015">49015</a></li><li>CONFIRM - <a target="_blank" href="http://redmine.ruby-lang.org/issues/show/4338">http://redmine.ruby-lang.org/issues/show/4338</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog">http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/">http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=722415">https://bugzilla.redhat.com/show_bug.cgi?id=722415</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html">FEDORA-2011-9359</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html">FEDORA-2011-9374</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/11/1">[oss-security] 20110711 CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/12/14">[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/20/1">[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/20/16">[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/69032">ruby-random-number-dos(69032)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs59">show all</a>)<ul><li class="vs59"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-334</a></li><li class="vs59">...</li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-334</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap71">cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap72">cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-160">cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-173">cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-248">cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-249">cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-299">cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-302">cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-330">cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*</a></li><li class="vs59 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p21">cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2705">CVE-2011-2705</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-2705">suppress</button></p><p><pre>The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/49015">49015</a></li><li>CONFIRM - <a target="_blank" href="http://redmine.ruby-lang.org/issues/4579">http://redmine.ruby-lang.org/issues/4579</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog">http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog">http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/">http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/">http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=722415">https://bugzilla.redhat.com/show_bug.cgi?id=722415</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html">FEDORA-2011-9359</a></li><li>FEDORA - <a target="_blank" href="http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html">FEDORA-2011-9374</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/11/1">[oss-security] 20110711 CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/12/14">[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/20/1">[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/20/16">[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2011-1581.html">RHSA-2011:1581</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs60">show all</a>)<ul><li class="vs60"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-334</a></li><li class="vs60">...</li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby">cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to (including) 1.8.7-334</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap22">cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap71">cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7%3Ap72">cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-160">cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-173">cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-248">cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-249">cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-299">cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-302">cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-330">cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.7-p21">cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9">cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9%3Ar18423">cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0">cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0%3Ar18423">cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-0">cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-1">cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-2">cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-20060415">cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.0-20070709">cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1">cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p0">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p129">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p243">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p376">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-p429">cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-preview_1">cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-preview_2">cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-rc1">cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1%3A-rc2">cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2">cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2%3Adev">cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2-p136">cpe:2.3:a:ruby-lang:ruby:1.9.2-p136:*:*:*:*:*:*:*</a></li><li class="vs60 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2-p180">cpe:2.3:a:ruby-lang:ruby:1.9.2-p180:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3009">CVE-2011-3009</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2011-3009">suppress</button></p><p><pre>Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/49126">49126</a></li><li>MISC - <a target="_blank" href="http://redmine.ruby-lang.org/issues/show/4338">http://redmine.ruby-lang.org/issues/show/4338</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2011/07/20/1">[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes</a></li><li>REDHAT - <a target="_blank" href="http://www.redhat.com/support/errata/RHSA-2011-1581.html">RHSA-2011:1581</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2012-0070.html">RHSA-2012:0070</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/69157">ruby-random-number-weak-security(69157)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs61">show all</a>)<ul><li class="vs61"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap111">cpe:2.3:a:ruby-lang:ruby:*:p111:*:*:*:*:*:* versions up to (including) 1.8.6</a></li><li class="vs61">...</li><li class="vs61 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap111">cpe:2.3:a:ruby-lang:ruby:*:p111:*:*:*:*:*:* versions up to (including) 1.8.6</a></li><li class="vs61 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap110">cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*</a></li><li class="vs61 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.8.6%3Ap36">cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5371">CVE-2012-5371</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2012-5371">suppress</button></p><p><pre>Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.</pre>CWE-310 Cryptographic Issues<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/56484">56484</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/">http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/</a></li><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=875236">https://bugzilla.redhat.com/show_bug.cgi?id=875236</a></li><li>MISC - <a target="_blank" href="http://2012.appsec-forum.ch/conferences/#c17">http://2012.appsec-forum.ch/conferences/#c17</a></li><li>MISC - <a target="_blank" href="http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf">http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf</a></li><li>MISC - <a target="_blank" href="http://www.ocert.org/advisories/ocert-2012-001.html">http://www.ocert.org/advisories/ocert-2012-001.html</a></li><li>MISC - <a target="_blank" href="https://www.131002.net/data/talks/appsec12_slides.pdf">https://www.131002.net/data/talks/appsec12_slides.pdf</a></li><li>OSVDB - <a target="_blank" href="http://www.osvdb.org/87280">87280</a></li><li>SECTRACK - <a target="_blank" href="http://securitytracker.com/id?1027747">1027747</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/51253">51253</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-1733-1">USN-1733-1</a></li><li>XF - <a target="_blank" href="https://exchange.xforce.ibmcloud.com/vulnerabilities/79993">ruby-hash-function-dos(79993)</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs62">show all</a>)<ul><li class="vs62"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap286">cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:* versions up to (including) 1.9.3</a></li><li class="vs62">...</li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap286">cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:* versions up to (including) 1.9.3</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9">cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1">cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2">cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.3">cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.3%3Ap0">cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.3%3Ap125">cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.3%3Ap194">cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*</a></li><li class="vs62 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A2.0">cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1821">CVE-2013-1821</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="net-imap:0.2.2" data-sha1="5d4f5c06a92f8c911448081e329034a23642798e" data-pkgurl="pkg:gem/net-imap@0.2.2" data-type-to-suppress="cve" data-id-to-suppress="CVE-2013-1821">suppress</button></p><p><pre>lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/58141">58141</a></li><li>CONFIRM - <a target="_blank" href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html">http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html</a></li><li>CONFIRM - <a target="_blank" href="http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/">http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/</a></li><li>CONFIRM - <a target="_blank" href="https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092">https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2013/dsa-2738">DSA-2738</a></li><li>DEBIAN - <a target="_blank" href="http://www.debian.org/security/2013/dsa-2809">DSA-2809</a></li><li>MANDRIVA - <a target="_blank" href="http://www.mandriva.com/security/advisories?name=MDVSA-2013:124">MDVSA-2013:124</a></li><li>MISC - <a target="_blank" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525</a></li><li>MISC - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=914716">https://bugzilla.redhat.com/show_bug.cgi?id=914716</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2013/03/06/5">[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-0611.html">RHSA-2013:0611</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-0612.html">RHSA-2013:0612</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-1028.html">RHSA-2013:1028</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-1147.html">RHSA-2013:1147</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/52783">52783</a></li><li>SECUNIA - <a target="_blank" href="http://secunia.com/advisories/52902">52902</a></li><li>SLACKWARE - <a target="_blank" href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862">SSA:2013-075-01</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html">SUSE-SU-2013:0609</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html">SUSE-SU-2013:0647</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html">openSUSE-SU-2013:0603</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html">openSUSE-SU-2013:0614</a></li><li>UBUNTU - <a target="_blank" href="http://www.ubuntu.com/usn/USN-1780-1">USN-1780-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs63">show all</a>)<ul><li class="vs63"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap385">cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* versions up to (including) 1.9.3</a></li><li class="vs63">...</li><li class="vs63 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A%3Ap385">cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* versions up to (including) 1.9.3</a></li><li class="vs63 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9">cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*</a></li><li class="vs63 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.1">cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*</a></li><li class="vs63 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.2">cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*</a></li><li class="vs63 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aruby-lang%3Aruby%3A1.9.3">cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*</a></li><li class="vs63 hidden">< |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment