Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-30678
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows malicious users to write arbitrary file.
Samsung Calendar
5.4
CVSSv3
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
NA
CVE-2013-2698
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin prior to 1.3.3 for WordPress allows remote malicious users to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.
Kieranoshea Calendar
5.5
CVSSv3
CVE-2022-39915
Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows malicious users to access sensitive information via implicit intent.
Samsung Calendar
4.3
CVSSv3
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
Synology Calendar
6.5
CVSSv3
CVE-2017-15891
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar prior to 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Synology Calendar
5.4
CVSSv3
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
6.5
CVSSv3
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
6.5
CVSSv3
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar prior to 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
Synology Calendar
9.8
CVSSv3
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar prior to 2.3.1-0617 allows remote malicious users to execute arbitrary commands via the crafted 'X-Real-IP' header.
Synology Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »