VYPR

Isync

by Isync Project

CVEs (2)

  • CVE-2021-44143CriNov 22, 2021
    risk 0.64cvss 9.8epss 0.04

    A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be…

  • CVE-2013-0289May 23, 2014
    risk 0.00cvss epss 0.01

    Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.