Lucene search
+L

150 matches found

fedora
fedora
added yesterday8 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.17-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.2CVSS6.1AI score0.00276EPSS
Exploits0
redhat
redhat
added 2026/06/30 3:47 p.m.7 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
redhat
redhat
added 2026/06/30 2:25 p.m.2 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
cve
cve
added 2026/06/08 3:5 p.m.39 views

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
amazon
amazon
added 2026/06/08 12:0 a.m.11 views

Important: ruby3.4

Issue Overview: zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously...

9.8CVSS7.5AI score0.00813EPSS
Exploits0
osv
osv
added 2026/05/09 8:16 p.m.8 views

UBUNTU-CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/05/09 7:39 p.m.7 views

CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

5.8CVSS5.8AI score0.00429EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2026/05/09 7:39 p.m.8 views

CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

9.8CVSS5.8AI score0.00429EPSS
Exploits0
cvelist
cvelist
added 2026/05/09 7:38 p.m.39 views

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS0.00299EPSS
Exploits0References7
fedora
fedora
added 2026/04/25 1:53 a.m.7 views

[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc6-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

8.2CVSS5.3AI score0.00402EPSS
Exploits0
redhat
redhat
added 2026/03/23 2:53 a.m.15 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS7.2AI score0.0036EPSS
Exploits0References7
fedora
fedora
added 2025/12/25 12:53 a.m.12 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.5CVSS7AI score0.19769EPSS
Exploits1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0292

Malware in sbrugna...

7.5CVSS6.1AI score0.02741EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-0294

Malware in sbrugna...

7.5CVSS6.4AI score0.02105EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-0293

Malware in sbrugna...

7.5CVSS6.4AI score0.01939EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2003-0297

Malware in sbrugna...

5CVSS6.4AI score0.01197EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0291

Malware in sbrugna...

7.5CVSS6.4AI score0.02162EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2003-0295

Malware in sbrugna...

5CVSS6.4AI score0.03359EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-0296

Malware in sbrugna...

5CVSS6.4AI score0.05978EPSS
Exploits0References2
ibm
ibm
added 2025/08/11 1:41 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to memory exhaustion due to the Net::IMAP package (CVE-2025-43857)

Summary Net::IMAP is used by Astronomer with IBM as part of the IMAP client functionality. Vulnerability Details CVEID:CVE-2025-43857 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a...

6.5CVSS6.9AI score0.00412EPSS
Exploits0Affected Software1
Rows per page
Query Builder