EUVD-2017-0220

Malware in sbrugna...

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-2150)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

Debian: Security Advisory (DLA-489-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2011-0739

The deliver function in the sendmail delivery agent lib/mail/network/deliverymethods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...

Mageia: Security Advisory (MGASA-2016-0019)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-CPJC-P7FC-J9XH Mail Improper Input Validation vulnerability

The deliver function in the sendmail delivery agent lib/mail/network/deliverymethods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...

UBUNTU-CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

[SECURITY] [DLA 489-1] ruby-mail security update

Package : ruby-mail Version : 2.4.4-2+deb7u1 CVE ID : N/A Debian Bug : N/A This security update fixes a security issue in ruby-mail. We recommend you upgrade your ruby-mail package. Takeshi Terada Mitsui Bussan Secure Directions, Inc. released a whitepaper entitled "SMTP Injection via recipient...

DLA-489-1 ruby-mail - security update

Bulletin has no description...

MGASA-2016-0019 Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

rubygem-mail: arbitrary command execution when using exim or sendmail from commandline

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a 1 sendmail or 2 exim delivery...

CVE-2012-2140

The CVE-2012-2140 entry concerns the rubygem-mail package for Ruby, version prior to 2.4.3. The vulnerability arises in the mail gem’s Exim/Sendmail delivery paths where improper input handling allows a remote attacker to execute arbitrary commands via shell metacharacters. Public documentation i...

[SECURITY] Fedora 16 Update: rubygem-mail-2.4.4-1.fc16

A really Ruby Mail handler...

[SECURITY] Fedora 15 Update: rubygem-mail-2.4.4-1.fc15

A really Ruby Mail handler...

CVE-2011-0739

The deliver function in the sendmail delivery agent lib/mail/network/deliverymethods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...

Code injection

The deliver function in the sendmail delivery agent lib/mail/network/deliverymethods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...

CVE-2011-0739

CVE-2011-0739 affects the Ruby Mail gem (2.2.14 and earlier). The root cause is the deliver() path in the sendmail delivery method (lib/mail/network/delivery_methods/sendmail.rb), where shell metacharacters in an e-mail address can be injected to execute arbitrary commands. Public references conf...