CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

ATTACKERKB•added 2026/05/09 7:33 p.m.•3 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00016EPSS

Exploits0References9Affected Software1

Github Security Blog•added 2026/05/04 10:1 p.m.•1 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

7.6CVSS5.9AI score0.00016EPSS

Exploits0References14Affected Software1

RubySec•added 2026/05/04 12:0 a.m.•5 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

7.6CVSS5.8AI score0.00016EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 8 : thunderbird-78.12.0-3.el8.ML.1 (AXSA:2021-2308:14)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2308:14 advisory. Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969 Mozilla: Use-after-free in accessibility features ...

8.8CVSS8.4AI score0.02512EPSS

Exploits1References5

Tenable Nessus•added 2026/01/20 12:0 a.m.•4 views

MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS8.6AI score0.25071EPSS

Exploits3References5

Tenable Nessus•added 2026/01/14 12:0 a.m.•3 views

MiracleLinux 4 : cyrus-imapd-2.3.16-6.AXS4.3 (AXSA:2011-675:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-675:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...

7.5CVSS9.2AI score0.32222EPSS

Exploits1References3