Vulmon
isync project isync vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-3657
A flaw was found in mbsync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivabl...
Isync Project Isync
Fedoraproject Fedora 35
Redhat Enterprise Linux 7.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 up to and including 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could concei...
Isync Project Isync
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.8
CVSSv3
CVE-2021-3578
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploi...
Isync Project Isync 1.4.1
Isync Project Isync 1.4.0
Isync Project Isync
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
7.4
CVSSv3
CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Mailbox names returned by IMAP LIST/LSUB are not validated, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the des...
Mbsync Project Mbsync
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Extra Packages For Enterprise Linux 8.0
NA
CVE-2013-0289
Isync 0.4 prior to 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Isync Project Isync 1.0.2
Isync Project Isync 1.0.1
Isync Project Isync 1.0.0
Isync Project Isync 0.8
Isync Project Isync 1.0.5
Isync Project Isync 1.0.4
Isync Project Isync 1.0.3
Isync Project Isync 0.5
Isync Project Isync 0.4
Isync Project Isync 0.7
Isync Project Isync 0.6