Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2018-16395
- EPSS 4.42%
- Published 16.11.2018 18:29:00
- Last modified 21.11.2024 03:52:40
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...
7.5
CVE-2016-7798
- EPSS 0.6%
- Published 30.01.2017 22:59:00
- Last modified 20.04.2025 01:37:25
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
1