Calendar@* Security Vulnerabilities and Issues — Calendar@* CVE List

Lucene search

SynologyCalendar*

11 matches found

CVE•added 2019/06/30 3:15 p.m.•73 views

CVE-2019-11829

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

9.8CVSS9.8AI score0.04121EPSS

CVE•added 2022/07/26 2:15 a.m.•69 views

CVE-2022-22686

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

8CVSS7.6AI score0.00194EPSS

CVE•added 2021/06/18 3:15 a.m.•67 views

CVE-2021-34812

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.2AI score0.00218EPSS

CVE•added 2022/08/03 3:15 a.m.•59 views

CVE-2022-27617

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.

5CVSS4.4AI score0.00222EPSS

CVE•added 2019/06/30 3:15 p.m.•55 views

CVE-2019-11825

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

6.5CVSS5.4AI score0.00133EPSS

CVE•added 2022/07/12 7:15 a.m.•48 views

CVE-2022-22682

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5CVSS5.1AI score0.00198EPSS

CVE•added 2017/12/08 4:29 p.m.•40 views

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

6.5CVSS6AI score0.00132EPSS

CVE•added 2019/05/09 6:29 a.m.•38 views

CVE-2019-11820

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

5.5CVSS5.3AI score0.00036EPSS

CVE•added 2018/06/14 2:29 p.m.•37 views

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

6.5CVSS6.2AI score0.00119EPSS

CVE•added 2019/04/01 3:29 p.m.•32 views

CVE-2018-13299

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

6.5CVSS6.2AI score0.00221EPSS

CVE•added 2018/05/10 1:29 p.m.•32 views

CVE-2018-8915

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

6.5CVSS5.1AI score0.00133EPSS