Lucene search
K

93 matches found

UbuntuCve
UbuntuCve
added 2017/04/30 3:59 p.m.13 views

CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS7.1AI score0.02016EPSS
Exploits1References7
NVD
NVD
added 2017/04/30 3:59 p.m.8 views

CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS8.2AI score0.02016EPSS
Exploits1References5
Prion
Prion
added 2017/04/30 3:59 p.m.19 views

Authentication flaw

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

4.3CVSS8AI score0.02016EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2017/04/30 3:59 p.m.19 views

PYSEC-2017-102

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS1.8AI score0.02016EPSS
Exploits1References8
OSV
OSV
added 2017/04/30 3:59 p.m.2 views

DEBIAN-CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS8.1AI score0.02016EPSS
Exploits1References1
OSV
OSV
added 2017/04/30 3:59 p.m.3 views

UBUNTU-CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS7.2AI score0.02016EPSS
Exploits1References6
CVE
CVE
added 2017/04/30 3:0 p.m.72 views

CVE-2017-8342

Radicale is affected in versions before 1.1.2 and 2.x before 2.0.0rc2, where the htpasswd authentication method is prone to timing-based and brute-force attacks. The vulnerability exposes authentication weaknesses with potential confidential data exposure; CVSS details indicate varying impact (pa...

8.1CVSS7.9AI score0.02016EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2017/04/30 3:0 p.m.30 views

CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

8.1CVSS8.2AI score0.02016EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.22 views

Fedora 23 : radicale-1.1.1-1.fc23 (2016-f048c43393)

Version 1.1.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

10CVSS7.2AI score0.02945EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.21 views

Fedora 22 : radicale-1.1.1-1.fc22 (2016-cf9e2429b5)

Version 1.1.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

10CVSS7.2AI score0.02945EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/02/11 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2016-0057)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.4AI score0.02219EPSS
Exploits0References5
Mageia
Mageia
added 2016/02/09 1:5 p.m.31 views

Updated radicale packages fix CVE-2015-8748

Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...

5.3CVSS6.3AI score0.02219EPSS
Exploits0References3
OSV
OSV
added 2016/02/09 1:5 p.m.7 views

MGASA-2016-0057 Updated radicale packages fix CVE-2015-8748

Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...

5.3CVSS6.3AI score0.02219EPSS
Exploits0References4
NVD
NVD
added 2016/02/03 6:59 p.m.23 views

CVE-2016-1505

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

10CVSS9.3AI score0.02592EPSS
Exploits0References7
OSV
OSV
added 2016/02/03 6:59 p.m.6 views

CVE-2016-1505

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

10CVSS9.2AI score
Exploits0References7
NVD
NVD
added 2016/02/03 6:59 p.m.11 views

CVE-2015-8748

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...

5.3CVSS6.9AI score0.02219EPSS
Exploits0References8
OSV
OSV
added 2016/02/03 6:59 p.m.2 views

DEBIAN-CVE-2015-8748

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...

5.3CVSS6.2AI score0.02219EPSS
Exploits0References1
OSV
OSV
added 2016/02/03 6:59 p.m.6 views

CVE-2015-8747

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name...

10CVSS9.2AI score
Exploits0References9
NVD
NVD
added 2016/02/03 6:59 p.m.10 views

CVE-2015-8747

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name...

10CVSS9.2AI score0.02945EPSS
Exploits0References9
OSV
OSV
added 2016/02/03 6:59 p.m.1 views

DEBIAN-CVE-2015-8747

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name...

10CVSS7AI score0.02945EPSS
Exploits0References1
Rows per page
Query Builder