Lucene search
+L

290 matches found

UbuntuCve
UbuntuCve
added 2025/02/10 4:15 p.m.9 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS6.9AI score0.00608EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/10 3:55 p.m.18 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS6.3AI score0.00608EPSS
Exploits0References4
CVE
CVE
added 2025/02/10 3:55 p.m.318 views

CVE-2025-25186

CVE-2025-25186 concerns Net::IMAP in Ruby. The DoS arises from the IMAP response parser reading highly compressed uid-set data without limiting expansion, potentially exhausting memory while a client remains connected. Fixed in versions 0.3.8, 0.4.19, 0.5.6, and later; affected range includes 0.3...

6.5CVSS6.2AI score0.00608EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/10 3:55 p.m.21 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS0.00608EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/02/10 3:55 p.m.11 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS6.6AI score0.00608EPSS
Exploits0
OSV
OSV
added 2025/02/10 3:55 p.m.12 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS6.9AI score0.00608EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.7 views

PT-2025-6069

Name of the Vulnerable Software and Affected Versions Net::IMAP versions 0.3.2 through 0.3.7 Net::IMAP versions 0.4.0 through 0.4.18 Net::IMAP versions 0.5.0 through 0.5.5 Description There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time whil...

7.5CVSS6.9AI score0.02064EPSS
Exploits1References81
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client api for the Message Access Protocol in the Ruby open source. A security vulnerability in Net::IMAP version 0.3.2 through versions prior to 0.3.8, 0.4.19, and 0.5.6, which stems from the response parser's unrestricted conversion of uid-set data, allows a malicious server...

6.5CVSS6.7AI score0.00608EPSS
Exploits0References5
RubySec
RubySec
added 2025/02/10 12:0 a.m.39 views

Possible DoS by memory exhaustion in net-imap

Summary There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

6.5CVSS6.4AI score0.00608EPSS
Exploits0References1Affected Software1
Redos
Redos
added 2024/07/24 12:0 a.m.26 views

ROS-20240723-03

Vulnerability of Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. remotely, to gain unauthorized...

7.4CVSS7.2AI score0.0305EPSS
Exploits2
OSV
OSV
added 2024/03/06 11:5 a.m.37 views

BIT-RUBY-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS7.5AI score0.02909EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.97 views

CentOS 9 : ruby-3.0.2-155.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.2-155.el9 build changelog. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, whic...

9.3CVSS7.6AI score0.06307EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.36 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

7.4CVSS7.6AI score0.0305EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.30 views

EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2023-1292)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and...

7.5CVSS7.9AI score0.04127EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2022/03/09 12:0 a.m.41 views

Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-3179...

7.4CVSS7.1AI score0.0305EPSS
Exploits2References4
Oracle linux
Oracle linux
added 2022/03/08 12:0 a.m.61 views

ruby:2.5 security update

ruby 2.5.9-109.0.1 - Rebuild with a dependency containing fix for Orabug: 33921593 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in...

7.4CVSS1.2AI score0.0305EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/03/01 12:0 a.m.29 views

Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799...

7.4CVSS7.1AI score0.0305EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/02/28 7:0 p.m.90 views

Important: Red Hat Security Advisory: rh-ruby26-ruby security, bug fix, and enhancement update

An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.3CVSS6.6AI score0.06307EPSS
Exploits5References8
Oracle linux
Oracle linux
added 2022/02/28 12:0 a.m.53 views

ruby:2.5 security update

ruby 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause...

7.4CVSS0.9AI score0.0305EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/02/24 3:40 p.m.93 views

Moderate: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.4CVSS6.7AI score0.0305EPSS
Exploits2References4
Rows per page
Query Builder