VYPR
Vendor

Radicale

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2016-1505CriFeb 3, 2016
    risk 0.58cvss 10.0epss 0.03

    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

  • CVE-2015-8747CriFeb 3, 2016
    risk 0.58cvss 10.0epss 0.03

    The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

  • CVE-2017-8342HigApr 30, 2017
    risk 0.46cvss 8.1epss 0.02

    Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

  • CVE-2015-8748MedFeb 3, 2016
    risk 0.28cvss 5.3epss 0.02

    Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".