Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Calendar'
2022-07-12
CVE-2022-22682
CWE-79
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
2021-06-18
CVE-2021-34812
CWE-798
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
2019-06-30
CVE-2019-11829
CWE-78
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
CVE-2019-11825
CWE-79
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
2019-05-09
CVE-2019-11820
CWE-255
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
2019-04-01
CVE-2018-13299
CWE-22
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
2018-06-14
CVE-2018-8927
CWE-863
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
2018-05-10
CVE-2018-8915
CWE-79
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
2017-12-08
CVE-2017-15891
CWE-noinfo
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
>>>
Vendor:
Synology
42
Products
Directory server
Office
Media server
Calendar
DSM
Diskstation manager
Photo station
Synology photo station
Ds photo+
Ds file
Ds audio
Cloud station
Download station
Video station
Note station
Audio station
CHAT
Photo station uploader
Assistant
Dns server
Router manager
Cloud station backup
Cloud station drive
Skynas
Virtual diskstation manager
Vs960hd firmware
Drive
File station
Ds107 firmware
Ds116 firmware
Ds213 firmware
Vs960hd
Mailplus server
Ssl vpn client
Moments
Application service
Carddav server
Universal search
Surveillance station
Safeaccess
Diskstation manager unified controller
Mail station
Copyright
2024
, cxsecurity.com
Back to Top