6 matches found
CVE-2025-71063
The issue concerns Errands (pre-46.2.10) failing to verify TLS certificates when communicating with CalDAV servers, a trust-management vulnerability. Root cause: TLS certificate validation is omitted for CalDAV server connections, enabling exposure to misissued or invalid certificates. Impact det...
Debian DSA-4582-1 : davical - security update
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4582. The text itself is copyright (C) Software ...
Debian: Security Advisory (DLA-2034-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting
Original text at: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/ At HackDefense, we were evaluating various calendaring solutions, and during installation and configuration of DAViCal we discovered three severe vulnerabilities. We reported these...
[SECURITY] Fedora 26 Update: radicale-1.1.2-1.fc26
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configure. As a consequence, it requires few software dependencies and is pre-configured to work out-of-the-box. The Radicale Project runs on most of the...
Design/Logic Flaw
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE:...