Lucene search
K

105 matches found

RedHat Linux
RedHat Linux
added 2 days ago2 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS6AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2 days ago2 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/07/07 7:1 a.m.14 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 2:7 p.m.7 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.1AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 6:39 a.m.8 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/07/05 12:5 p.m.5 views

RLSA-2026:33565 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Comman...

7.4CVSS5.9AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/03 11:16 a.m.2 views

net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input

A flaw was found in Net::IMAP before 0.4.24, 0.5.14, and 0.6.4. Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 8:25 a.m.6 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 4:2 p.m.5 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 11:5 a.m.12 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
NVD
NVD
added 2026/06/22 9:16 p.m.13 views

CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 8:17 p.m.3 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.22 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/15 5:24 p.m.15 views

USN-8431-1: Ruby vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption...

9.8CVSS5.6AI score0.00429EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.14 views

SUSE CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.3CVSS5.3AI score0.00813EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/09 6:36 p.m.14 views

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2026/05/28 1:13 a.m.22 views

[SECURITY] Fedora 44 Update: nginx-1.30.2-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thunderbird

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses before the STARTTLS handshake was completed, then Thunderbird did not ignore the injected data. This could result in Thunderbird displaying incorrect information. For example, the...

5.9CVSS7.1AI score0.012EPSS
Exploits0References2
Rows per page
Query Builder