Aggregates CVE and security vulnerability intelligence across all radicale-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation, with potential vendor impact unexpected behavior across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-8342 | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | [email protected] | 8.1 | 0.41% | 2017-04-30 | 2026-05-13 |
| CVE-2016-1505 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. | [email protected] | 10.0 | 1.35% | 2016-02-03 | 2026-05-06 |
| CVE-2015-8748 | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | [email protected] | 5.3 | 0.57% | 2016-02-03 | 2026-05-06 |
| CVE-2015-8747 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | [email protected] | 10.0 | 1.81% | 2016-02-03 | 2026-05-06 |