Vulnerabilities (CVE)

Filtered by vendor Radicale Subscribe
Filtered by product Radicale
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8342 1 Radicale 1 Radicale 2024-02-04 4.3 MEDIUM 8.1 HIGH
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
CVE-2015-8748 1 Radicale 1 Radicale 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
CVE-2015-8747 1 Radicale 1 Radicale 2024-02-04 7.5 HIGH 10.0 CRITICAL
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
CVE-2016-1505 2 Microsoft, Radicale 2 Windows, Radicale 2024-02-04 7.5 HIGH 10.0 CRITICAL
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.