290 matches found
MiracleLinux 9 : ruby:3.3 (AXSA:2025-9954:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9954:01 advisory. net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 uri:...
MiracleLinux 8 : ruby:3.3 (AXSA:2025-10474:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10474:01 advisory. net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 uri:...
net-imap rubygem vulnerable to possible DoS by memory exhaustion
...
TencentOS Server 4: ruby (TSSA-2025:0467)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0467 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2025-4076
Malicious code in bioql PyPI...
EUVD-2025-12559
Malicious code in bioql PyPI...
ruby security update
An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-2140)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2084)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2112)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-2056)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-2025)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
Medium: ruby3.2
Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...
Security Bulletin: Astronomer with IBM is vulnerable to memory exhaustion due to the Net::IMAP package (CVE-2025-43857)
Summary Net::IMAP is used by Astronomer with IBM as part of the IMAP client functionality. Vulnerability Details CVEID:CVE-2025-43857 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion
A flaw was found in Ruby's net-imap library. In certain versions, there is a possibility for denial of service by memory exhaustion in the net-imap response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data, which is automatically read b...
PT-2026-36987
Name of the Vulnerable Software and Affected Versions net-imap affected versions not specified Description A hostile IMAP server can trigger a computational denial-of-service attack on the client process during authentication using SCRAM-SHA1 or SCRAM-SHA256. By sending an arbitrarily large PBKDF...
PT-2026-37183
Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.3.10 Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description A man-in-the-middle attacker can cause the starttls function to return successfully without...
ROS-20250619-02
A vulnerability in the Net::IMAP module of the Ruby programming language is related to uncontrolled memory allocation. memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...