U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2023-34204

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it.

Published: May 30, 2023; 12:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2014-2014

imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

Published: April 18, 2014; 6:14:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2013-4279

imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Published: April 18, 2014; 6:14:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM