RSS   Vulnerabilities for 'Calendar'   RSS

2022-07-12
 
CVE-2022-22682

CWE-79
 

 
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

 
2021-06-18
 
CVE-2021-34812

CWE-798
 

 
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

 
2019-06-30
 
CVE-2019-11829

CWE-78
 

 
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

 
 
CVE-2019-11825

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

 
2019-05-09
 
CVE-2019-11820

CWE-255
 

 
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

 
2019-04-01
 
CVE-2018-13299

CWE-22
 

 
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

 
2018-06-14
 
CVE-2018-8927

CWE-863
 

 
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

 
2018-05-10
 
CVE-2018-8915

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

 
2017-12-08
 
CVE-2017-15891

CWE-noinfo
 

 
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

 

 >>> Vendor: Synology 42 Products
Directory server
Office
Media server
Calendar
DSM
Diskstation manager
Photo station
Synology photo station
Ds photo+
Ds file
Ds audio
Cloud station
Download station
Video station
Note station
Audio station
CHAT
Photo station uploader
Assistant
Dns server
Router manager
Cloud station backup
Cloud station drive
Skynas
Virtual diskstation manager
Vs960hd firmware
Drive
File station
Ds107 firmware
Ds116 firmware
Ds213 firmware
Vs960hd
Mailplus server
Ssl vpn client
Moments
Application service
Carddav server
Universal search
Surveillance station
Safeaccess
Diskstation manager unified controller
Mail station


Copyright 2024, cxsecurity.com

 

Back to Top