Lucene search
K

158 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:54 a.m.9 views

CVE-2011-3253

CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate...

2.6CVSS5.6AI score0.00566EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 a.m.5 views

CVE-2016-10836

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav SEC-108...

6.5CVSS7.3AI score0.01121EPSS
Exploits0References1
0day.today
0day.today
added 2024/11/06 12:0 a.m.331 views

ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass Vulnerability

ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2024/06/15 12:0 a.m.11 views

Fedora: Security Advisory (FEDORA-2024-123f2b3666)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00836EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/15 12:0 a.m.14 views

Fedora: Security Advisory (FEDORA-2024-f3e0255c75)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00836EPSS
Exploits0References4
Fedora
Fedora
added 2024/06/14 1:45 a.m.26 views

[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40

The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...

6.5CVSS6.5AI score0.00836EPSS
Exploits0
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.25 views

CVE-2022-39349 Tasks.org vulnerable to data exfiltration by malicous app or adb

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...

5.5CVSS5.5AI score0.0025EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/02/19 12:0 a.m.20 views

Fedora: Security Advisory for cyrus-imapd (FEDORA-2022-c30b1a8aa3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6AI score0.0307EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/09/13 7:57 a.m.36 views

Important: Red Hat Security Advisory: cyrus-imapd security update

An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS7.1AI score0.0307EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.35 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2021-387)

This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird 78.8 - fixed: Importing an address book from a CSV file always reported an error - fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved - fixed: Calendar:...

8.8CVSS7.3AI score0.0153EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.49 views

CentOS 8 : cyrus-imapd (CESA-2019:1771)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:1771 advisory. - cyrus-imapd: buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356 Note that Nessus has not tested for this...

9.8CVSS7.6AI score0.07622EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/14 12:0 a.m.30 views

FreeBSD : glpi -- Any CalDAV calendars is read-only for every authenticated user (6a467439-3b38-11eb-af2a-080027dbe4b7)

MITRE Corporation reports : In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server. C Tenable...

7.7CVSS6.3AI score0.0116EPSS
Exploits1References5
ALT Linux
ALT Linux
added 2020/12/05 12:0 a.m.31 views

Security fix for the ALT Linux 10 package glpi version 9.5.3-alt1

Dec. 5, 2020 Pavel Zilke 9.5.3-alt1 - New version 9.5.3 - This is a security release, upgrading is recommended - Security fixes: + CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php + CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php + CVE-2020-262...

4CVSS5AI score0.0116EPSS
Exploits1
OSV
OSV
added 2020/11/25 5:15 p.m.18 views

CVE-2020-26212

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...

6.5CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2020/11/25 5:15 p.m.18 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...

4CVSS6.2AI score0.0116EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/11/25 5:5 p.m.25 views

CVE-2020-26212 Any GLPI CalDAV calendars is read-only for every authenticated user

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of...

7.7CVSS7.4AI score0.0116EPSS
Exploits1References3
CVE
CVE
added 2020/11/25 5:5 p.m.82 views

CVE-2020-26212

Technical details about CVE-2020-26212 (affected GLPI versions, root cause, exploitability) are not present in the provided connected documents. The Initial Description notes the fix in 9.5.3 and a CalDAV workaround, but no further public details are available here. Monitor for updates.

7.7CVSS6.4AI score0.0116EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/25 12:0 a.m.4 views

PT-2020-16342 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3 Description: The issue allows any authenticated user to have read-only permissions to the planning of every other user, including admin ones. This can be reproduced by creating a new planning, copying the CalDAV...

10CVSS6.3AI score0.99628EPSS
Exploits32References124
Veracode
Veracode
added 2020/10/04 4:40 a.m.26 views

Arbitrary Code Execution

The CalDAV feature in httpd is vulnerable to arbitrary code execution. It allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.8CVSS7.2AI score0.07622EPSS
Exploits0References12Affected Software2
FreeBSD
FreeBSD
added 2020/10/01 12:0 a.m.31 views

glpi -- Any CalDAV calendars is read-only for every authenticated user

MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server...

7.7CVSS4.5AI score0.0116EPSS
Exploits1References3
Rows per page
Query Builder