Lucene search
K

165 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: fetchmail (UTSA-2026-017438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017438 advisory. Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Tenable has extracted...

5.9CVSS6.3AI score0.00925EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017570 advisory. When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back...

5.9CVSS6.8AI score0.02799EPSS
Exploits1References4
OSV
OSV
added 2026/05/09 8:16 p.m.4 views

DEBIAN-CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

9.8CVSS5.9AI score0.00429EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 8:16 p.m.6 views

DEBIAN-CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 8:16 p.m.4 views

DEBIAN-CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.4CVSS5.7AI score0.00324EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/09 8:16 p.m.16 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/09 7:40 p.m.24 views

EUVD-2026-28927

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.8CVSS5.7AI score0.00813EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 9:47 a.m.13 views

CVE-2026-43860

A flaw was found in mutt. During the IMAP CRAM-MD5 Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5 authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 9:47 a.m.13 views

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 10:31 a.m.10 views

CLSA-2026-1777977059 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2026/05/04 10:4 p.m.4 views

GHSA-HM49-WCQC-G2XG net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

5.8CVSS5.6AI score0.00429EPSS
Exploits0References12
OSV
OSV
added 2026/05/04 10:2 p.m.19 views

GHSA-Q2MW-FVJ9-VVCW net-imap has quadratic complexity when reading response literals

Summary Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details For each literal in a response, ResponseReader...

2.3CVSS5.8AI score0.0041EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/04 5:45 a.m.23 views

EUVD-2026-26896

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 5:41 a.m.34 views

EUVD-2026-26895

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:41 a.m.6 views

CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36772

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The software sometimes uses the strfcpy function instead of memcpy when handling the IMAP auth cram MD5 digest. This occurs during the authentication process for IMAP servers using the CRAM-MD5 mechanis...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References29
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.16 views

PT-2026-36986

Name of the Vulnerable Software and Affected Versions Net::IMAP affected versions not specified Description Net::IMAP::ResponseReader exhibits quadratic time complexity when processing large responses containing numerous string literals. A hostile server can send specially crafted responses that...

7.6CVSS5.9AI score0.00813EPSS
Exploits0References49
RedhatCVE
RedhatCVE
added 2026/04/30 1:37 p.m.5 views

CVE-2026-4873

A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection via IMAP, SMTP, or POP3 and then making a subsequent request to the same host that requires Transport Layer Security TLS. Due to incorrect connection reuse, the subsequent request would bypass t...

5.9CVSS5.5AI score0.00329EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/21 4:4 p.m.28 views

CVE-2026-40566 FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS0.00291EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/15 2:7 p.m.4 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References5
Rows per page
Query Builder