Vulnerabilities > Isync Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2021-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in mbsync versions prior to 1.4.4. | 9.8 |
2022-02-16 | CVE-2021-3578 | Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. | 7.8 |
2021-11-22 | CVE-2021-44143 | Out-of-bounds Write vulnerability in multiple products A flaw was found in mbsync in isync 1.4.0 through 1.4.3. | 9.8 |
2014-05-23 | CVE-2013-0289 | Cryptographic Issues vulnerability in Isync Project Isync Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |