CRITICAL 9.8 CVE-2026-42257 net-imap vulnerable to command Injection via "raw" arguments to multiple commands
from 0
CRITICAL 9.8 CVE-2026-42258 net-imap vulnerable to command Injection via unvalidated Symbol inputs
from 0
CRITICAL 9.8 Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
from 0
CRITICAL 9.8 ruby3.1 - security update
from 0, < 2.7.4-1+deb11u2
CRITICAL 9.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u1
CRITICAL 9.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u1
HIGH 8.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u2
HIGH 8.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u2
HIGH 8.1 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
from 0
HIGH 7.5 net-imap has quadratic complexity when reading response literals
from 0
HIGH 7.5 URI Credential Leakage Bypass over CVE-2025-27221
from 0
HIGH 7.5 REXML ReDoS vulnerability
from 0, < 2.7.4-1+deb11u3
HIGH 7.5 REXML DoS vulnerability
from 0, < 2.7.4-1+deb11u3
HIGH 7.5 REXML DoS vulnerability
from 0, < 2.7.4-1+deb11u3
HIGH 7.5 ruby2.5 - security update
from 0, < 2.7.4-1+deb11u2
HIGH 7.5 Ruby Time component ReDoS issue
from 0, < 2.7.4-1+deb11u2
HIGH 7.5 jruby - security update
from 0, < 2.7.1-4
HIGH 7.5 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
from 0, < 2.7.4-1+deb11u2
HIGH 7.5 Cookie Prefix Spoofing in CGI::Cookie.parse
from 0, < 2.7.4-1+deb11u1
HIGH 7.5 ruby2.3 - security update
from 0, < 2.7.4-1+deb11u1
HIGH 7.5 ruby2.5 - security update
from 0, < 2.7.3-1
HIGH 7.4 net-imap vulnerable to STARTTLS stripping via invalid response timing
from 0
HIGH 7.4 A vulnerability was found in Ruby.
from 0
HIGH 7.4 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
from 0, < 2.7.4-1
HIGH 7.0 ruby2.3 - security update
from 0, < 2.7.4-1
MEDIUM 6.6 An issue was discovered in Ruby 3.x through 3.3.0.
from 0, < 2.7.4-1+deb11u2
MEDIUM 6.5 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
from 0
MEDIUM 5.9 REXML denial of service vulnerability
from 0, < 2.7.4-1+deb11u3
MEDIUM 5.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u5
MEDIUM 5.8 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u5
MEDIUM 5.8 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
from 0, < 2.7.4-1
MEDIUM 5.3 REXML has DoS condition when parsing malformed XML file
from 0
MEDIUM 5.3 resolv vulnerable to DoS via insufficient DNS domain name length validation
from 0
MEDIUM 5.3 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u3
MEDIUM 5.3 ruby2.7 - security update
from 0, < 2.7.4-1+deb11u3
MEDIUM 5.3 URI gem has ReDoS vulnerability
from 0, < 2.7.4-1+deb11u2
MEDIUM 5.3 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
from 0, < 2.7.1-1
MEDIUM 4.5 RDoc RCE vulnerability with .rdoc_options
from 0, < 2.7.4-1+deb11u2
MEDIUM 4.3 REXML denial of service vulnerability
from 0, < 2.7.4-1+deb11u3
MEDIUM 4.0 CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
from 0, < 2.7.4-1+deb11u5
LOW 3.2 URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
from 0, < 2.7.4-1+deb11u5