Lucene search

K
Isync ProjectIsync

4 matches found

CVE
CVE
added 2022/02/18 6:15 p.m.132 views

CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited fo...

9.8CVSS9.6AI score0.03455EPSS
CVE
CVE
added 2022/02/16 7:15 p.m.124 views

CVE-2021-3578

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code...

7.8CVSS7.9AI score0.00591EPSS
CVE
CVE
added 2021/11/22 8:15 p.m.107 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote c...

9.8CVSS9.4AI score0.04682EPSS
CVE
CVE
added 2014/05/23 2:55 p.m.43 views

CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

4.3CVSS6.3AI score0.00476EPSS