Skip to main content

Radicale

4 CVEs product

Monthly

CVE-2017-8342 PyPI HIGH POC PATCH This Week

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Radicale
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-1505 PyPI CRITICAL PATCH Act Now

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.4%
CVE-2015-8748 PyPI MEDIUM PATCH This Month

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Radicale
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2015-8747 PyPI CRITICAL PATCH Act Now

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.8%
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Radicale
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Radicale
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Radicale
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Radicale
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy