Lucene search
+L

1112 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 6:14 a.m.9 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

5.9AI score0.0052EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/03 6:14 a.m.5 views

CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS6.1AI score0.0052EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/07/03 6:14 a.m.9 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.0052EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.3 views

curl: curl: Insecure connection establishment due to TLS configuration mismatch

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS6AI score0.0052EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/30 7:2 p.m.3 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS6AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 6:42 p.m.5 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.6 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 5:18 p.m.5 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 4:32 p.m.12 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 3:47 p.m.5 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 3:46 p.m.6 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 2:25 p.m.2 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS6AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 2:25 p.m.2 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS6AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/30 11:5 a.m.10 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
Ubuntu
Ubuntu
added 2026/06/29 10:42 a.m.5 views

USN-8478-1: Ruby vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...

9.8CVSS6.1AI score0.00429EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.20 views

Curl 7.30.0 < 8.21.0 Wrong STARTTLS Connection Reuse

The version of curl installed on the remote host is 7.30.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even thoug...

8.1CVSS6AI score0.0052EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/25 2:22 a.m.9 views

SUSE CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.4CVSS5.8AI score0.00324EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 8:0 a.m.22 views

CURL-CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.0052EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.9 views

Security update for cyrus-imapd (important)

openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...

8.3CVSS5.5AI score0.00512EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.6 views

Security update for cyrus-imapd (important)

openSUSE security update: security update for cyrus-imapd ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20962-1 Rating: important References: bsc1241536 bsc1241543 bsc1246165 bsc1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores:...

8.3CVSS7.2AI score0.00512EPSS
Exploits0References4
Rows per page
Query Builder