158 matches found
CVE-2011-3253
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate...
CVE-2016-10836
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav SEC-108...
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass Vulnerability
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file...
Fedora: Security Advisory (FEDORA-2024-123f2b3666)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-f3e0255c75)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40
The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...
CVE-2022-39349 Tasks.org vulnerable to data exfiltration by malicous app or adb
The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...
Fedora: Security Advisory for cyrus-imapd (FEDORA-2022-c30b1a8aa3)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Important: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
openSUSE Security Update : MozillaThunderbird (openSUSE-2021-387)
This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird 78.8 - fixed: Importing an address book from a CSV file always reported an error - fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved - fixed: Calendar:...
CentOS 8 : cyrus-imapd (CESA-2019:1771)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:1771 advisory. - cyrus-imapd: buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356 Note that Nessus has not tested for this...
FreeBSD : glpi -- Any CalDAV calendars is read-only for every authenticated user (6a467439-3b38-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server. C Tenable...
Security fix for the ALT Linux 10 package glpi version 9.5.3-alt1
Dec. 5, 2020 Pavel Zilke 9.5.3-alt1 - New version 9.5.3 - This is a security release, upgrading is recommended - Security fixes: + CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php + CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php + CVE-2020-262...
CVE-2020-26212
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...
Design/Logic Flaw
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...
CVE-2020-26212 Any GLPI CalDAV calendars is read-only for every authenticated user
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...
CVE-2020-26212
Technical details about CVE-2020-26212 (affected GLPI versions, root cause, exploitability) are not present in the provided connected documents. The Initial Description notes the fix in 9.5.3 and a CalDAV workaround, but no further public details are available here. Monitor for updates.
PT-2020-16342 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3 Description: The issue allows any authenticated user to have read-only permissions to the planning of every other user, including admin ones. This can be reproduced by creating a new planning, copying the CalDAV...
Arbitrary Code Execution
The CalDAV feature in httpd is vulnerable to arbitrary code execution. It allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...
glpi -- Any CalDAV calendars is read-only for every authenticated user
MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server...