Search CVE reports
1 – 4 of 4 results
CVE-2017-8342
Medium priorityRadicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
1 affected packages
radicale
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
radicale | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-1505
Medium priorityThe filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
1 affected packages
radicale
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
radicale | — | — | — | — | — |
CVE-2015-8748
Medium prioritySome fixes available 1 of 6
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
1 affected packages
radicale
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
radicale | — | — | — | Not affected | Not affected |
CVE-2015-8747
Medium prioritySome fixes available 1 of 6
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
1 affected packages
radicale
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
radicale | — | — | — | Not affected | Not affected |