Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology calendar vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
NA
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Synology Calendar
4
CVSSv2
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar prior to 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
Synology Calendar
NA
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
Synology Calendar
3.5
CVSSv2
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar prior to 2.3.0-0615 allows remote malicious users to inject arbitrary web script or HTML via the title parameter.
Synology Calendar
7.5
CVSSv2
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar prior to 2.3.1-0617 allows remote malicious users to execute arbitrary commands via the crafted 'X-Real-IP' header.
Synology Calendar
2.1
CVSSv2
CVE-2019-11820
Information exposure through process environment vulnerability in Synology Calendar prior to 2.3.3-0620 allows local users to obtain credentials via cmdline.
Synology Calendar
3.5
CVSSv2
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
4
CVSSv2
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
4
CVSSv2
CVE-2017-15891
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar prior to 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Synology Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »