Search CVE reports
991 – 1000 of 36525 results
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 24.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This...
2 affected packages
pillow, pillow-python2
| Package | 24.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line...
2 affected packages
pillow, pillow-python2
| Package | 24.04 LTS |
|---|---|
| pillow | Not affected |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 24.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part...
1 affected package
bubblewrap
| Package | 24.04 LTS |
|---|---|
| bubblewrap | Not affected |