RSS   Vulnerabilities for 'Calendar'   RSS

2019-05-09
 
CVE-2019-11820

CWE-255
 

 
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

 
2019-04-01
 
CVE-2018-13299

CWE-22
 

 
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

 
2018-06-14
 
CVE-2018-8927

CWE-285
 

 
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

 
2018-05-10
 
CVE-2018-8915

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

 

 >>> Vendor: Synology 33 Products
DSM
Diskstation manager
Synology photo station
Ds photo+
Ds file
Ds audio
Cloud station
Photo station
Download station
Video station
Note station
Audio station
CHAT
Office
Photo station uploader
Assistant
Dns server
Router manager
Cloud station backup
Cloud station drive
Skynas
Virtual diskstation manager
Vs960hd firmware
Media server
Calendar
Drive
File station
Ds107 firmware
Ds116 firmware
Ds213 firmware
Vs960hd
Mailplus server
Ssl vpn client


Copyright 2019, cxsecurity.com

 

Back to Top