Vulnerabilities (CVE)

Filtered by vendor Isync Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0289 1 Isync Project 1 Isync 2024-11-21 4.3 MEDIUM N/A
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2021-3578 3 Debian, Fedoraproject, Isync Project 3 Debian Linux, Fedora, Isync 2024-02-04 7.2 HIGH 7.8 HIGH
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVE-2021-3657 4 Debian, Fedoraproject, Isync Project and 1 more 4 Debian Linux, Fedora, Isync and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
CVE-2021-44143 3 Debian, Fedoraproject, Isync Project 3 Debian Linux, Fedora, Isync 2024-02-04 7.5 HIGH 9.8 CRITICAL
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.