Unrud

#8375of 53,624
32.8Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2022-19839
7.5
2022-06-07
Go · Go · CVE-2022-29804
**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.17.11 Go versions prior to 1.18.3 **Description** The issue concerns the incorrect conversion of certain invalid paths to valid, absolute paths in the filepath.Clean function on Windows, potentially allowing a directory traversal attack. For example, the function `Clean` can convert an invalid path like `.c:` to a valid, absolute path `c:`. **Recommendations** For Go versions prior to 1.17.11, update to version 1.17.11 or later to resolve the issue. For Go versions prior to 1.18.3, update to version 1.18.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `filepath.Clean` function on Windows systems until a patch is applied.
PT-2016-4848
10
2016-02-03
Radicale · Radicale · CVE-2016-1505
**Name of the Vulnerable Software and Affected Versions** Radicale versions prior to 1.1 **Description** The issue allows remote attackers to read or write to arbitrary files via a crafted path. For example, a crafted path like '/c:/file/ignore' can be used to access files on the system. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the filesystem storage backend to minimize the risk of exploitation.
PT-2016-3995
10
2016-01-30
Radicale · Radicale · CVE-2015-8747
**Name of the Vulnerable Software and Affected Versions** Radicale versions prior to 1.1 **Description** The issue allows remote attackers to read or write to arbitrary files via a crafted component name in the multifilesystem storage backend. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.
PT-2016-3996
5.3
2016-01-30
Radicale · Radicale · CVE-2015-8748
**Name of the Vulnerable Software and Affected Versions** Radicale versions prior to 1.1 **Description** The issue allows remote authenticated users to bypass owner write and owner only limitations via regex metacharacters in the user name. This can be demonstrated by using ".*" in the user name, effectively bypassing the intended restrictions. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of regex metacharacters in user names to minimize the risk of exploitation.