Astra Linux - уязвимость в ruby2.5, jruby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

GHSA-VCGP-9326-PQCP net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

PT-2026-37183

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.3.10 Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description A man-in-the-middle attacker can cause the starttls function to return successfully without...

MiracleLinux 8 : ruby:2.5 (AXSA:2022-3087:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3087:01 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

Linux Distros Unpatched Vulnerability : CVE-2016-0772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allo...

Amazon Linux 2 : ruby (ALAS-2024-2570)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2570 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...

Debian dla-3408 : jruby - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3408 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3408-1 [email protected]...

Debian: Security Advisory (DLA-522-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2016-0772

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

SUSE CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

GHSA-66PQ-HQV5-228G Smack allows the bypass of TLS protections

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...

SUSE-SU-2022:1512-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion bsc1198441. - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods bsc1193035. - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in...

SUSE: Security Advisory (SUSE-SU-2022:1512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...