79 matches found
[ASA-202112-5] isync: arbitrary code execution
Arch Linux Security Advisory ASA-202112-5 ========================================= Severity: Medium Date : 2021-12-03 CVE-ID : CVE-2021-3657 CVE-2021-44143 Package : isync Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2579 Summary ======= The package isyn...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
DEBIAN-CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
Design/Logic Flaw
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
UBUNTU-CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
Apple Isync 缓冲区错误漏洞
Apple Isync is an American Apple Apple software that only runs under the Mac OS X operating system. Its function is to synchronize iCal and Address Book with MobileMe as well as a number of devices including iPods, SyncML-enabled phones, Palm OS and smartphones. A security vulnerability exists in...
PT-2021-24041 · Isync +2 · Isync +2
Name of the Vulnerable Software and Affected Versions: isync versions 1.4.0 through 1.4.3 Description: A flaw was found in mbsync due to an unchecked condition, allowing a malicious or compromised IMAP server to use a crafted mail message that lacks headers to provoke a heap overflow, which could...
Security update for isync (moderate)
openSUSE Security Update: Security update for isync Announcement ID: openSUSE-SU-2021:1185-1 Rating: moderate References: 1186939 Cross-References: CVE-2021-3578 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2021:1185-1 Security update for isync
This update for isync fixes the following issues: Update to version 1.3.6 This is a security release that fixes CVE-2021-3578. This update was imported from the openSUSE:Leap:15.2:Update update project...
openSUSE 15 Security Update : isync (openSUSE-SU-2021:1170-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1170-1 advisory. - A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrar...
openSUSE: Security Advisory for isync (openSUSE-SU-2021:1170-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1170-1 Security update for isync
This update for isync fixes the following issues: Update to version 1.3.6 This is a security release that fixes CVE-2021-3578...
Security update for isync (moderate)
openSUSE Security Update: Security update for isync Announcement ID: openSUSE-SU-2021:1170-1 Rating: moderate References: 1186939 Cross-References: CVE-2021-3578 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for isync fixes...
Fedora: Security Advisory for isync (FEDORA-2021-f236f9f01a)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for isync (FEDORA-2021-754af4d52b)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Remote Code Execution
isync is vulnerable to remote code execution. An unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This behavior can be exploited to execute arbitrary code on...