Lucene search
K

267 matches found

CVE
CVE
added 2026/05/09 7:40 p.m.32 views

CVE-2026-42258

Net::IMAP (Ruby) is affected by CVE-2026-42258: before versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments passed to IMAP commands can be used for CRLF/command injection. The IBM Aspera Shares bulletin and multiple security trackers confirm this vulnerability in Net::IMAP and note patches in 0.4...

7.1CVSS5.7AI score0.00813EPSS
Exploits0References24Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:40 p.m.9 views

CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.8CVSS5.7AI score0.00813EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/09 7:39 p.m.39 views

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

5.8CVSS0.00429EPSS
Exploits0References4
CVE
CVE
added 2026/05/09 7:39 p.m.34 views

CVE-2026-42257

CVE-2026-42257 affects the Ruby Net::IMAP library where, prior to versions 0.4.24, 0.5.14, and 0.6.4, several IMAP commands accept a raw string argument sent to the server without validation or escaping. If derived from user input, this can include CRLF sequences and allow injection of arbitrary ...

9.8CVSS5.8AI score0.00429EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/09 7:39 p.m.7 views

EUVD-2026-28926

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

5.8CVSS5.8AI score0.00429EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/09 7:38 p.m.8 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:38 p.m.14 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/05/09 7:37 p.m.43 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS0.0041EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/09 7:37 p.m.7 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS5.7AI score0.0041EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:37 p.m.6 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS5.7AI score0.0041EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/09 7:37 p.m.10 views

EUVD-2026-28923

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS5.7AI score0.0041EPSS
Exploits0References7
CVE
CVE
added 2026/05/09 7:37 p.m.50 views

CVE-2026-42245

Net::IMAP (Ruby) is affected by a performance vulnerability in Net::IMAP::ResponseReader, where reading large responses with many string literals causes quadratic time complexity. This can be exploited by a hostile server to exhaust the client’s CPU, leading to a denial of service. The issue has ...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/09 7:33 p.m.47 views

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS0.00324EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/09 7:33 p.m.7 views

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/09 7:33 p.m.8 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00324EPSS
Exploits0
EUVD
EUVD
added 2026/05/09 7:33 p.m.9 views

EUVD-2026-28924

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:33 p.m.8 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/09 7:33 p.m.56 views

CVE-2026-42246

Net::IMAP (Ruby) versions before 0.3.10, 0.4.24, 0.5.14, and 0.6.4 are affected by a STARTTLS stripping issue. A man-in-the-middle attacker can cause Net::IMAP#starttls to report a successful TLS upgrade without actually enabling TLS, leaving the socket unencrypted. The vulnerability is mitigated...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References31Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.5 views

Improper Transport Layer Protection

net-imap is vulnerable to Improper Transport Layer Protection. The vulnerability is due to improper validation of the STARTTLS negotiation, where a man-in-the-middle attacker can cause Net::IMAPstarttls to report a successful TLS upgrade without establishing encryption, allowing interception of...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References31Affected Software1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.9 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.3.10, 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for man-in-the-middle attackers to cause...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder