Lucene search
K

4867 matches found

Tenable Nessus
Tenable Nessus
β€’added 2026/06/29 12:0 a.m.β€’9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw data...

5.8CVSS6.2AI score0.00491EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
β€’added 2026/06/25 6:1 p.m.β€’5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
SUSE CVE
SUSE CVE
β€’added 2026/06/25 2:22 a.m.β€’8 views

SUSE CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.4CVSS5.8AI score0.00324EPSS
Exploits0References10
Positive Technologies
Positive Technologies
β€’added 2026/06/25 12:0 a.m.β€’14 views

PT-2026-52540

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References6
NVD
NVD
β€’added 2026/06/22 9:16 p.m.β€’13 views

CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’4 views

DEBIAN-CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS5.9AI score0.00131EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’5 views

DEBIAN-CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.8AI score0.00239EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 9:16 p.m.β€’10 views

CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS0.00491EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 9:16 p.m.β€’13 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’5 views

DEBIAN-CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’3 views

UBUNTU-CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS5.9AI score0.00131EPSS
Exploits0References3
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’5 views

UBUNTU-CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.8AI score0.00239EPSS
Exploits0References3
OSV
OSV
β€’added 2026/06/22 9:16 p.m.β€’4 views

UBUNTU-CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References3
CVE
CVE
β€’added 2026/06/22 8:19 p.m.β€’42 views

CVE-2026-47242

Net::IMAP (Ruby) CVE-2026-47242 affects versions before 0.6.5 and 0.5.15. The vulnerability arises because Net::IMAP#id (with a hash argument) and Net::IMAP#enable do not properly validate arguments, allowing CRLF or atom-list injections and causing the #to_s value to be sent verbatim. An attacke...

5.8CVSS6AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
β€’added 2026/06/22 8:19 p.m.β€’27 views

CVE-2026-47242 Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 8:19 p.m.β€’4 views

CVE-2026-47242 Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS6.1AI score0.00131EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 2026/06/22 8:17 p.m.β€’24 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS0.00491EPSS
Exploits0References1
CVE
CVE
β€’added 2026/06/22 8:17 p.m.β€’49 views

CVE-2026-47240

Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a β€œraw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 8:11 p.m.β€’4 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
β€’added 2026/06/22 8:11 p.m.β€’28 views

CVE-2026-47241

Net::IMAP in Ruby (affected: before 0.6.5 and 0.5.15) validates CRLF but may send a user-controlled raw string verbatim, allowing a subsequent command to be absorbed as a continuation of the first. This can cause the first command to fail and block further responses until another command is issue...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder