4876 matches found
Important: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Comman...
Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments CVE-2026-42258 net-imap: ruby: Net::IMAP: Information...
RHEL 10 : ruby (RHSA-2026:33565)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33565 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 9 : ruby (RHSA-2026:33462)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33462 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 8 : ruby:3.3 (RHSA-2026:33515)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33515 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
ALSA-2026:33512 Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments CVE-2026-42258 net-imap: ruby: Net::IMAP: Information...
USN-8478-1: Ruby vulnerabilities
It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...
Linux Distros Unpatched Vulnerability : CVE-2026-47240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw data...
Linux Distros Unpatched Vulnerability : CVE-2026-47241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw stri...
Linux Distros Unpatched Vulnerability : CVE-2026-47242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
SUSE CVE-2026-42246
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...
PT-2026-52540
Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...
CVE-2026-47242
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...
CVE-2026-47240
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...
CVE-2026-47241
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...
DEBIAN-CVE-2026-47241
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...
DEBIAN-CVE-2026-47242
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...
DEBIAN-CVE-2026-47240
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...
UBUNTU-CVE-2026-47240
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...