Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

isync project isync vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2021-3657
A flaw was found in mbsync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivabl...
Isync Project IsyncFedoraproject Fedora 35Redhat Enterprise Linux 7.0Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2021-3578
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploi...
Isync Project Isync 1.4.1Isync Project Isync 1.4.0Isync Project IsyncFedoraproject Fedora 33Fedoraproject Fedora 34Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 up to and including 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could concei...
Isync Project IsyncDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 34Fedoraproject Fedora 35
7.4
CVSSv3
CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the des...
Mbsync Project MbsyncDebian Debian Linux 9.0Fedoraproject Fedora 32Fedoraproject Fedora 33Fedoraproject Extra Packages For Enterprise Linux 8.0
NA
CVE-2013-0289
Isync 0.4 prior to 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate...
Isync Project Isync 1.0.2Isync Project Isync 1.0.1Isync Project Isync 1.0.0Isync Project Isync 0.8Isync Project Isync 1.0.5Isync Project Isync 1.0.4Isync Project Isync 1.0.3Isync Project Isync 0.5Isync Project Isync 0.4Isync Project Isync 0.7Isync Project Isync 0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook