Lucene search

13 matches found

OSV
added 2026/05/09 8:16 p.m. | 2 views

DEBIAN-CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

CVSS 9.8 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/09 8:16 p.m. | 2 views

CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

CVSS 9.8 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5044

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.5 | EPSS 0.00066
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/18 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2014-0083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. CVE-2014-0083 Note that Nessus relies on the presence of the package as...

CVSS 5.5 | AI score 6.1 | EPSS 0.00066
Exploits: 0 | References: 2

Debian CVE
added 2025/04/28 4:2 p.m. | 3 views

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6.5 | AI score 6.2 | EPSS 0.00528
Exploits: 0

Wolfi
added 2025/02/10 4:15 p.m. | 31 views

CVE-2025-25186 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.3-rails, kube-fluentd-operator, ruby3.3-net-imap, ruby3.2-net-imap, ruby3.4-net-imap, ruby3.2-rails...

CVSS 6.5 | AI score 6.8 | EPSS 0.00139
Exploits: 0

Debian CVE
added 2025/02/10 3:55 p.m. | 9 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5 | AI score 6.6 | EPSS 0.00139
Exploits: 0

Tenable Nessus
added 2022/02/12 12:0 a.m. | 36 views

EulerOS Virtualization 3.0.6.6 : ruby (EulerOS-SA-2022-1144)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and...

CVSS 7.4 | AI score 7.4 | EPSS 0.00351
Exploits: 1 | References: 3

RedHat Linux
added 2021/10/25 8:55 p.m. | 1 view

ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host

Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module connect to arbitrary hosts and use this to perform port scanning or information extraction from...

CVSS 5.8 | AI score 6.9 | EPSS 0.00632
Exploits: 1 | References: 5

OSV
added 2021/08/01 7:15 p.m. | 2 views

DEBIAN-CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

CVSS 7.4 | AI score 6.2 | EPSS 0.00074
Exploits: 1 | References: 1

CNVD
added 2017/12/19 12:0 a.m. | 2 views

Ruby Net::LDAP gem SSL Certificate Validation Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. Net::LDAP, aka the net-ldap gem, is one of the lightweight directory access modules. A security vulnerability exists in the Ruby Net::LDAP gem prior to version...

CVSS 5.9 | AI score 6.8 | EPSS 0.00172
Exploits: 0 | References: 1

CNVD
added 2017/12/19 12:0 a.m. | 1 view

Ruby Net::FTP Command Injection Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. Net::FTP is one of the FTP client implementations. A command injection vulnerability exists in Net::FTP in Ruby versions prior to 2.4.3. An attacker can...

CVSS 9.3 | AI score 8.3 | EPSS 0.88646
Exploits: 5 | References: 1

RedHat Linux
added 2007/11/13 9:39 a.m. | 2 views

net::* modules

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

CVSS 5 | AI score 7.2 | EPSS 0.07714
Exploits: 1 | References: 4