DEBIAN-CVE-2026-42257
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
EUVD-2026-28925
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...
CVE-2026-42256
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...
CVE-2026-42245
Net::IMAP (Ruby) is affected by a performance vulnerability in Net::IMAP::ResponseReader, where reading large responses with many string literals causes quadratic time complexity. This can be exploited by a hostile server to exhaust the client’s CPU, leading to a denial of service. The issue has ...
EUVD-2026-28923
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
Improper Enforcement of Behavioral Workflow
Overview: Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow via the starttls function. An attacker can intercept and manipulate the communication by injecting a crafted response before the client completes sending the command, causing the connection to...
Debian dla-4477 : libmunge-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4477 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4477-1 [email protected] https://www.debian.org/lts/security/...
EUVD-2025-26149
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-58058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte...
DEBIAN-CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66713 CVE-2025-58058 affecting package buildah 1.18.0-29
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66741 CVE-2025-58058 affecting package packer for versions less than 1.9.5-15
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66716 CVE-2025-58058 affecting package podman 4.1.1-26
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66759 CVE-2025-58058 affecting package packer for versions less than 1.9.5-10
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66720 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
CVE-2025-58058 github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
CVE-2025-58058
CVE-2025-58058 — xz (Go) memory allocation issue : The xz library (Go implementation) prior to 0.5.14 can allocate the full LZMA decoding buffer immediately after reading the header, before detecting improper data prepending to the stream. The LZMA header lacks a mandatory magic/checksum to catch...
xz Security Vulnerability
xz is a software application. It is used to support reading and writing xz compressed streams. A security vulnerability exists in xz versions prior to 0.5.14, which stems from insufficient detection of the header of LZMA-encoded byte streams and may lead to increased memory consumption...
PT-2025-20578
Name of the Vulnerable Software and Affected Versions: Jan versions 0.5.14 and earlier. Description: The software is susceptible to remote code execution (RCE) when a user clicks on a link displayed within a conversation. This occurs because the application opens external websites and exposes the...