Lucene search
K

141 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 8:25 a.m.6 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 11:5 a.m.11 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 11:21 p.m.5 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.22 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.14 views

SUSE CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.3CVSS5.3AI score0.00813EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/09 6:36 p.m.14 views

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References6Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

cve-2026-41714 - MEDIUM - In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`

cve-2026-41714 - MEDIUM - In Spring AMQP the RabbitConnectionFactoryBean.setUri"amqps://..." bypasses secure SSL setup, uses TrustEverythingTrustManager...

4CVSS6.1AI score0.00132EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7423

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

7CVSS5.8AI score0.00346EPSS
Exploits0References13
NVD
NVD
added 2026/05/29 9:16 a.m.14 views

CVE-2026-49199

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

10CVSS0.01338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 8:38 a.m.39 views

CVE-2026-49199 Predator Connect W6x: RCE via MQTT

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

10CVSS0.01338EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:38 a.m.14 views

EUVD-2026-33269

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

10CVSS6.2AI score0.01338EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:3 a.m.10 views

ipv4: icmp: validate reply type before using icmp_pointers

...

8.2CVSS5.4AI score0.00433EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.14 views

SUSE CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References18
OSV
OSV
added 2026/05/27 12:56 p.m.1 views

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS6.5AI score0.00433EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the lack of validation when ICMP reply types exceed the range of the icmppointers array, potentially...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thunderbird

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses before the STARTTLS handshake was completed, then Thunderbird did not ignore the injected data. This could result in Thunderbird displaying incorrect information. For example, the...

5.9CVSS7.1AI score0.012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 4:8 p.m.13 views

CVE-2026-42245

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References10
Rows per page
Query Builder