Lucene search

PRIOn knowledge basePRION:CVE-2015-8747

HistoryFeb 03, 2016 - 6:59 p.m.

Code injection

2016-02-0318:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

CPENameOperatorVersion
radicalele1.0.1

CPE	Name	Operator	Version
	radicale	le	1.0.1

References

www.debian.org/security/2016/dsa-3462

www.openwall.com/lists/oss-security/2016/01/05/7

www.openwall.com/lists/oss-security/2016/01/06/4

www.openwall.com/lists/oss-security/2016/01/06/7

www.securityfocus.com/bid/80255

github.com/Kozea/Radicale/pull/343

github.com/Unrud/Radicale/commit/bcaf452e516c02c9bed584a73736431c5e8831f1

lists.fedoraproject.org/pipermail/package-announce/2016-January/175738.html

lists.fedoraproject.org/pipermail/package-announce/2016-January/175776.html