Lucene search
K

179 matches found

OSV
OSV
added 2026/07/01 10:19 a.m.4 views

RHSA-2026:33462 Red Hat Security Advisory: ruby security update

Bulletin has no description...

8.1CVSS5.7AI score0.01131EPSS
Exploits0References26
RedHat Linux
RedHat Linux
added 2026/07/01 8:25 a.m.6 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 4:27 p.m.5 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

RockyLinux 8 : ruby:3.3 (RLSA-2026:33515)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:33515 advisory. ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol...

7.6CVSS6AI score0.00813EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on...

7.5CVSS6AI score0.00357EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by...

6.6CVSS6AI score0.00093EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the...

8.2CVSS6AI score0.00331EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri's CRuby native extension could leave a Ruby wrapper...

7.5CVSS6.1AI score0.00357EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 2:33 p.m.29 views

CVE-2026-57436

Summary: The CVE affects Nokogiri (Ruby) prior to 1.19.4, where Nokogiri::XML::Document#root= could accept a DTD node as the document root, causing a heap use-after-free during garbage collection/finalization and potentially an invalid memory read or segfault. Root cause: setting a non-root node ...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 2:30 p.m.5 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/25 2:22 a.m.8 views

SUSE CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.4CVSS5.8AI score0.00324EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52475

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description An issue exists in the XInclude substitution process where the do xinclude function in Nokogiri::XML::Node replaces each element in place. This process frees the include node, its children such as...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.4 views

UBUNTU-CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.3 views

UBUNTU-CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS5.9AI score0.00131EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

UBUNTU-CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.8AI score0.00239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.12 views

Ruby net-imap < 0.5.15 / 0.6.x < 0.6.4.1 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.5.15, or 0.6.x prior to 0.6.4.1. It is, therefore, affected by multiple vulnerabilities. - Several Net::IMAP commands accept a raw data argument that is sent verbatim after validation to prevent command injection...

5.8CVSS6AI score0.00491EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/09 9:21 p.m.9 views

Open Redirect

Overview oauth is a ruby gem that implements both OAuth clients and servers in Ruby applications. Affected versions of this package are vulnerable to Open Redirect via the tokenrequest function in the token endpoint redirect handling. An attacker can obtain sensitive OAuth request metadata, such ...

8.2CVSS5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42258

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

9.8CVSS5.3AI score0.00813EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/15 4:8 p.m.13 views

CVE-2026-42245

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/05/14 4:15 p.m.11 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0
Rows per page
Query Builder