Lucene search
K

7 matches found

CVE
CVE
added 2026/06/22 8:17 p.m.38 views

CVE-2026-47240

Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a “raw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.19 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/09 6:36 p.m.12 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

9.8CVSS5.7AI score0.00429EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/09 6:36 p.m.5 views

GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 7:39 p.m.25 views

CVE-2026-42257

CVE-2026-42257 affects the Ruby Net::IMAP library where, prior to versions 0.4.24, 0.5.14, and 0.6.4, several IMAP commands accept a raw string argument sent to the server without validation or escaping. If derived from user input, this can include CRLF sequences and allow injection of arbitrary ...

9.8CVSS5.8AI score0.00429EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26742

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References4
Snyk
Snyk
added 2024/05/27 4:42 p.m.4 views

Buffer Overflow

Overview rockhopper is a package that works with ragged rows with different lengths 2D NumPy arrays. Affected versions of this package are vulnerable to Buffer Overflow through the manipulation of the argument raw in the countrows function. An attacker can execute arbitrary code by supplying...

5.3CVSS7.9AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder