isync Project isync 0.8

CPE Details

isync Project isync 0.8
isync_project
isync
0.8
2021-11-26
14h42 +00:00
2021-11-30
20h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:isync_project:isync:0.8:*:*:*:*:*:*:*

Informations

Vendor

isync_project

Product

isync

Version

0.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3657 2022-02-18 16h50 +00:00 A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
9.8
Critical
CVE-2021-3578 2022-02-16 17h35 +00:00 A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
7.8
High
CVE-2013-0289 2014-05-23 12h00 +00:00 Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4.3