Radicale : Security vulnerabilities, CVEs published in 2016

Copy

CVE-2016-1505

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

Max CVSS

10.0

EPSS Score

0.48%

Published

2016-02-03

Updated

2016-11-28

CVE-2015-8748

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

Max CVSS

5.3

EPSS Score

0.67%

Published

2016-02-03

Updated

2016-12-06

CVE-2015-8747

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

Max CVSS

10.0

EPSS Score

0.51%

Published

2016-02-03

Updated

2016-12-06

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!