15 matches found
CVE-2026-47242
Net::IMAP (Ruby) CVE-2026-47242 affects versions before 0.6.5 and 0.5.15. The vulnerability arises because Net::IMAP#id (with a hash argument) and Net::IMAP#enable do not properly validate arguments, allowing CRLF or atom-list injections and causing the #to_s value to be sent verbatim. An attacke...
MAL-2026-5703 Malicious code in eslint-plugin-mistica-local-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...
GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument
Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...
PT-2026-48342
Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description The Net::IMAPid and Net::IMAPenable functions do not properly validate their arguments. When Net::IMAPid is called with a hash argument, it fails to prohibit CRLF...
Net::IMAP: Command Injection via ID command argument
Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...
Linux Distros Unpatched Vulnerability : CVE-2026-35370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to...
ImapEngine affected by command injection via the ID command parameters
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...
EUVD-2021-13127
Malware in sbrugna...
AZL-74655 CVE-2022-50467 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...
SUSE CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...
CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...
CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...
CVE-2021-26321
CVE-2021-26321 corresponds to an insufficient ID command validation in the AMD SEV Firmware that can allow a local authenticated attacker to cause a denial of service of the Platform Security Processor (PSP). The vulnerability affects AMD EPYC platforms (1st–3rd Gen) with SEV/ASP components; the ...
Successful Shell Attack Detected - IRIX 'id' Command
Binary data 6135.prm...
Authentication Capture: IMAP
This module provides a fake IMAP service that is designed to capture authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture: IMAP', 'Description' = %...