48 matches found

RedHat Linux
added 2 days ago, 3 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response...

CVSS 7.6 | AI score 5.7 | EPSS 0.00312
Exploits: 0 | References: 12
RedHat Linux
added 2 days ago, 9 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response...

CVSS 7.6 | AI score 5.7 | EPSS 0.00312
Exploits: 0 | References: 12
OSV
added 2026/06/24 8:0 a.m., 13 views

CURL-CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

AI score 5.9
Exploits: 0
ATTACKERKB
added 2026/05/09 7:33 p.m., 6 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

CVSS 7.6 | AI score 5.7 | EPSS 0.00312
Exploits: 0 | References: 9 | Affected Software: 1
Github Security Blog
added 2026/05/04 10:1 p.m., 6 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary: A man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. Details: When using Net::IMAP#starttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

CVSS 7.6 | AI score 5.9 | EPSS 0.00312
Exploits: 0 | References: 14 | Affected Software: 1
RubySec
added 2026/05/04 12:0 a.m., 17 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary: A man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. Details: When using Net::IMAP#starttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327); rubygem-rdoc: Command injection...

CVSS 9.3 | AI score 8.6 | EPSS 0.06307
Exploits: 3 | References: 5
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : thunderbird-78.12.0-3.el8.ML.1 (AXSA:2021-2308:14)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2308:14 advisory. Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969); Mozilla: Use-after-free in accessibility features ...

CVSS 8.8 | AI score 8.4 | EPSS 0.03582
Exploits: 1 | References: 5
Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

MiracleLinux 4 : cyrus-imapd-2.3.16-6.AXS4.3 (AXSA:2011-675:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-675:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scalable enterprise mail system designed for use from small to large...

CVSS 7.5 | AI score 9.2 | EPSS 0.16334
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2014-8400

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.02506
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2011-1507

Malware in sbrugna...

CVSS 6.8 | AI score 6.3 | EPSS 0.02471
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24824

Malware in sbrugna...

CVSS 7.5 | AI score 7.8 | EPSS 0.01996
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-7926

Malware in sbrugna...

CVSS 5.9 | AI score 6 | EPSS 0.0095
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2011-1435

Malware in sbrugna...

CVSS 6.8 | AI score 6.2 | EPSS 0.03212
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-1924

Malware in sbrugna...

CVSS 5.1 | AI score 6 | EPSS 0.03999
Exploits: 0 | References: 26
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-24825

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.00788
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2011-1437

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.02283
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-2157

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.05156
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-7672

Malware in sbrugna...

CVSS 8.8 | AI score 9 | EPSS 0.00856
Exploits: 1 | References: 13
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-4710

Malware in sbrugna...

CVSS 7.5 | AI score 8.4 | EPSS 0.00976
Exploits: 0 | References: 15