Package impact
PyPI / radicale
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1505 | critical | 10.0 | 10.0 | 11y ago | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. | |||
| CVE-2015-8747 | critical | 10.0 | 10.0 | 11y ago | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | |||
| CVE-2017-8342 | high | 8.1 | 8.1 | 9y ago | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. |