Lucene search
K

194 matches found

RedHat Linux
RedHat Linux
added 5 days ago4 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References12
Chainguard
Chainguard
added 2026/06/30 8:22 p.m.7 views

CVE-2026-44161 vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby4.0-fluentd-kubernetes-daemonset...

7.2CVSS7AI score0.00449EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/30 8:21 p.m.10 views

GHSA-PR7J-96CJ-549H vulnerabilities

Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, kube-fluentd-operator...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 4:32 p.m.8 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 4:32 p.m.5 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 4:2 p.m.7 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-57436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new roo...

6.3CVSS6AI score0.00312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default f...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 2:32 p.m.8 views

CVE-2026-57435

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

7.5CVSS5.9AI score0.00357EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 2:32 p.m.6 views

EUVD-2026-39426

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

6.3CVSS5.9AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:49 p.m.9 views

OESA-2026-2578 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior ...

9.8CVSS5.4AI score0.00813EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 7:42 a.m.14 views

Important: Red Hat Security Advisory: ruby:4.0 security update

An update for the ruby:4.0 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS6.7AI score0.01131EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

Ruby 竞争条件问题漏洞

Ruby is a cross-platform, object-oriented dynamic type programming language developed by Yukihiro Matsumoto. Prior to Ruby 4.0.5, there was a race condition vulnerability. This vulnerability stemmed from a race condition in the getaddrinfo handling process based on pthread, where reusing resource...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Oracle Linux 9 : ruby (ELSA-2026-18039)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18039 advisory. 3.0.7-166 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171254 Tenable has extracted the preceding descriptio...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/18 12:25 p.m.13 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.15 views

Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...

9.8CVSS5.8AI score0.00813EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/02 6:22 p.m.113 views

Lyussfyuring002

lyussfyuring002 web exploitation + OSINT toolkit for people...

6.7CVSS5.9AI score0.0024EPSS
Exploits4
NVD
NVD
added 2026/04/16 6:16 p.m.8 views

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...

9.8CVSS0.00561EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.3 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References3
Rows per page
Query Builder