[ASA-202106-27] isync: arbitrary code execution

Arch Linux Security Advisory ASA-202106-27 ========================================== Severity: Medium Date : 2021-06-09 CVE-ID : CVE-2021-3578 Package : isync Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2042 Summary ======= The package isync before...

openSUSE: Security Advisory for isync (openSUSE-SU-2021:0516-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:0533-1 Security update for isync

This update for isync fixes the following issues: - isync was updated to version 1.3.5 - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB boo1182488 This update was imported from the openSUSE:Leap:15.2:Update update project...

Security update for isync (important)

openSUSE Security Update: Security update for isync Announcement ID: openSUSE-SU-2021:0533-1 Rating: important References: 1182488 Cross-References: CVE-2021-20247 CVSS scores: CVE-2021-20247 NVD : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP2 A...

openSUSE Security Update : isync (openSUSE-2021-516)

This update for isync fixes the following issues : - isync was updated to version 1.3.5 - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB boo1182488 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

OPENSUSE-SU-2021:0516-1 Security update for isync

This update for isync fixes the following issues: - isync was updated to version 1.3.5 - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB boo1182488...

Security update for isync (important)

openSUSE Security Update: Security update for isync Announcement ID: openSUSE-SU-2021:0516-1 Rating: important References: 1182488 Cross-References: CVE-2021-20247 CVSS scores: CVE-2021-20247 NVD : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.2 An update th...

Fedora: Security Advisory for isync (FEDORA-2021-ef8c2acfce)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for isync (FEDORA-2021-954ebabcf7)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : isync (2021-954ebabcf7)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-954ebabcf7 advisory. - A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious...

Directory Traversal

isync is vulnerable to directory traversal. The vulnerability exists as validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing .. path components to access data outside the designated...

[ASA-202102-38] isync: directory traversal

Arch Linux Security Advisory ASA-202102-38 ========================================== Severity: High Date : 2021-02-27 CVE-ID : CVE-2021-20247 Package : isync Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-1598 Summary ======= The package isync before version...

Gentoo Security Advisory GLSA 201310-02

Gentoo Linux Local Security Checks GLSA 201310-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Mac OS X <= 10.3.7 mRouter Local Privilege Escalation Exploit

No description provided by source. / fm-iSink.c overflow in mRouter, suid binary used by iSync, on OSX = 10.3.7 written by - nemo @ felinemenace.org - ,'| .-''-.....--'; / '. ..-' , ,--...--''' \ .--''' /' -';' ; ; ; ...--'' ...--..' .;.' fL ,....----''' ,..--'' http://pulltheplug.org and...

CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

DEBIAN-CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

Code injection

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

UBUNTU-CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...