Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Calendar Security Vulnerabilities

cve
cve

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

6.5CVSS

6AI Score

0.001EPSS

2017-12-08 04:29 PM
30
cve
cve

CVE-2018-13299

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

6.5CVSS

6.2AI Score

0.001EPSS

2019-04-01 03:29 PM
23
cve
cve

CVE-2018-8915

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

6.5CVSS

5.1AI Score

0.001EPSS

2018-05-10 01:29 PM
22
cve
cve

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

6.5CVSS

6.2AI Score

0.001EPSS

2018-06-14 02:29 PM
23
cve
cve

CVE-2019-11820

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

5.5CVSS

5.3AI Score

0.0004EPSS

2019-05-09 06:29 AM
31
cve
cve

CVE-2019-11825

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

6.5CVSS

5.4AI Score

0.001EPSS

2019-06-30 03:15 PM
36
cve
cve

CVE-2019-11829

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

9.8CVSS

9.8AI Score

0.001EPSS

2019-06-30 03:15 PM
53
cve
cve

CVE-2021-34812

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS

7.2AI Score

0.001EPSS

2021-06-18 03:15 AM
59
8
cve
cve

CVE-2022-22682

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5CVSS

5.1AI Score

0.001EPSS

2022-07-12 07:15 AM
37
6
cve
cve

CVE-2022-22686

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

8CVSS

7.6AI Score

0.0005EPSS

2022-07-26 02:15 AM
46
6
cve
cve

CVE-2022-27617

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.

5CVSS

4.4AI Score

0.001EPSS

2022-08-03 03:15 AM
47
3