Radicale
by Radicale
pypi: radicale
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1505 | Cri | 0.58 | 10.0 | 0.03 | Feb 3, 2016 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. | ||
| CVE-2015-8747 | Cri | 0.58 | 10.0 | 0.03 | Feb 3, 2016 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | ||
| CVE-2017-8342 | Hig | 0.46 | 8.1 | 0.02 | Apr 30, 2017 | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | ||
| CVE-2015-8748 | Med | 0.28 | 5.3 | 0.02 | Feb 3, 2016 | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". |
- risk 0.58cvss 10.0epss 0.03
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
- risk 0.58cvss 10.0epss 0.03
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
- risk 0.46cvss 8.1epss 0.02
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
- risk 0.28cvss 5.3epss 0.02
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".