Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/05/09 7:33 p.m.9 views

EUVD-2026-28924

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.7AI score0.00422EPSS
Exploits0References8
CVE
CVEadded 2026/05/09 7:33 p.m.34 views

CVE-2026-42246

Net::IMAP (Ruby) versions before 0.3.10, 0.4.24, 0.5.14, and 0.6.4 are affected by a STARTTLS stripping issue. A man-in-the-middle attacker can cause Net::IMAP#starttls to report a successful TLS upgrade without actually enabling TLS, leaving the socket unencrypted. The vulnerability is mitigated...

7.6CVSS5.7AI score0.00422EPSS
Exploits0References8Affected Software1
PyPA
PyPAadded 2026/04/30 10:16 a.m.12 views

PYSEC-2026-24

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVEadded 2023/02/15 5:55 a.m.4 views

SUSE CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS9.2AI score0.16334EPSS
Exploits1References10
RedHat Linux
RedHat Linuxadded 2022/02/24 3:40 p.m.2 views

ruby: StartTLS stripping vulnerability in Net::IMAP

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS7.2AI score0.02909EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2021/10/25 8:55 p.m.3 views

ruby: StartTLS stripping vulnerability in Net::IMAP

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS7.2AI score0.02909EPSS
Exploits1References5
FreeBSD
FreeBSDadded 2011/04/01 12:0 a.m.65 views

pureftpd -- multiple vulnerabilities

Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...

6.8CVSS1AI score0.16334EPSS
Exploits6
Rows per page
Query Builder