Lucene search
K

267 matches found

CVE
CVE
added 2026/06/22 8:17 p.m.49 views

CVE-2026-47240

Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a “raw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:17 p.m.23 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS0.00491EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:11 p.m.4 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 8:11 p.m.27 views

CVE-2026-47241

Net::IMAP in Ruby (affected: before 0.6.5 and 0.5.15) validates CRLF but may send a user-controlled raw string verbatim, allowing a subsequent command to be absorbed as a continuation of the first. This can cause the first command to fail and block further responses until another command is issue...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.12 views

Ruby net-imap < 0.5.15 / 0.6.x < 0.6.4.1 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.5.15, or 0.6.x prior to 0.6.4.1. It is, therefore, affected by multiple vulnerabilities. - Several Net::IMAP commands accept a raw data argument that is sent verbatim after validation to prevent command injection...

5.8CVSS6AI score0.00491EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 5:24 p.m.8 views

USN-8431-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption...

9.8CVSS5.6AI score0.00429EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 8:31 p.m.10 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands id and enable. An attacker can inject arbitrary IMAP commands by supplying specially crafted input containing CRLF sequences as arguments. This may allo...

5.9CVSS6.2AI score0.00131EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/09 8:31 p.m.15 views

Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.6AI score0.00131EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 8:31 p.m.8 views

GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.6AI score0.00131EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/09 6:36 p.m.11 views

Collapse of Data into Unsafe Value

Overview Affected versions of this package are vulnerable to Collapse of Data into Unsafe Value incomplete validation of raw string arguments in certain IMAP command parameters such as criteria, searchkeys and attr. An attacker can cause commands to hang or trigger timeouts by supplying specially...

5.9CVSS5.9AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:36 p.m.15 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands such as criteria, searchkeys and attr. An attacker can execute arbitrary IMAP commands by injecting CRLF sequences into user-controlled input, which are...

8.3CVSS6.2AI score0.00491EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48342

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description The Net::IMAPid and Net::IMAPenable functions do not properly validate their arguments. When Net::IMAPid is called with a hash argument, it fails to prohibit CRLF...

5.8CVSS6.1AI score0.00131EPSS
Exploits0References8
RubySec
RubySec
added 2026/06/09 12:0 a.m.12 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.12 views

Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.4AI score0.00131EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.11 views

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2023 : ruby4.0, ruby4.0-bundled-gems, ruby4.0-default-gems (ALAS2023-2026-1806)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1806 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause...

7.6CVSS5.6AI score0.00813EPSS
Exploits0References6
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: ruby4.0

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in...

9.8CVSS5.4AI score0.00813EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42258

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

9.8CVSS5.3AI score0.00813EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.3AI score0.00324EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-42256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0...

6.5CVSS5.9AI score0.00299EPSS
Exploits0References4
Rows per page
Query Builder