Lucene search
K

38 matches found

RedHat Linux
RedHat Linux
added 6 hours ago4 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 6 days ago6 views

ALSA-2026:33577 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Comman...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 9:0 a.m.12 views

SUSE-SU-2026:2645-1 Security update for dovecot22

This update for dovecot22 fixes the following issues - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40020: IMAP folders can be shared-spammed to everyone bsc1265149. - CVE-2026-42006: imap-login: uncontrolled memory usage with excessive...

7.5CVSS5.7AI score0.00454EPSS
Exploits0References7
NVD
NVD
added 2026/06/22 9:16 p.m.10 views

CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 2:27 a.m.12 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.3 Vulnerability Details CVEID:CVE-2026-42245 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4,...

9.8CVSS7AI score0.61469EPSS
Exploits40Affected Software5
Fedora
Fedora
added 2026/05/15 9:9 p.m.17 views

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS6AI score0.61469EPSS
Exploits41
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.15 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/09 7:37 p.m.9 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0
OSV
OSV
added 2026/03/27 12:16 p.m.9 views

CLSA-2026-1774613805 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

5.9CVSS5.8AI score0.00315EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/03/25 7:27 p.m.47 views

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...

6AI score
Exploits0
Ubuntu
Ubuntu
added 2026/03/19 5:20 a.m.12 views

USN-8018-3: Python 2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

6.3CVSS7.2AI score0.00708EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/12 1:40 p.m.6 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS5.7AI score0.00315EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : cyrus-imapd-2.3.16-6.AXS4.3 (AXSA:2011-675:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-675:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...

7.5CVSS9.2AI score0.16334EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12559

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.00409EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/13 12:0 a.m.7 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1967)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

6.5CVSS6.4AI score0.00409EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 8:38 p.m.6 views

CVE-2002-2325

The c-client library in Internet Message Access Protocol IMAP dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service client crash via a MIME-encoded email with Content-Type header containing an empty boundary field...

7.8CVSS6.9AI score0.03461EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.2 views

SUSE CVE-2003-0297

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service crash and possibly execute arbitrary code via certain large 1 literal and 2 mailbox size values that cause either integer signedness errors or integer overflow errors...

7.5CVSS8.1AI score0.02741EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.4 views

Axigen 安全漏洞

Axigen is a mail server with groupware and collaboration features from Axigen. A security vulnerability exists in Axigen version 10.3.3.52, which stems from a two-step authentication issue that allows an attacker to access mailboxes without any CAPTCHA by bypassing the two-step authentication usi...

9.8CVSS8.3AI score0.00948EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2022/06/09 7:0 a.m.5 views

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).

...

8.1CVSS6.8AI score0.01914EPSS
Exploits1
Rows per page
Query Builder