Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar prior to 2.3.1-0617 allows remote malicious users to execute arbitrary commands via the crafted 'X-Real-IP' header.
Synology Calendar
4.3
CVSSv3
CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It ...
Nextcloud Calendar
5.4
CVSSv3
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
6.5
CVSSv3
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
3.3
CVSSv3
CVE-2022-33705
Information exposure in Calendar prior to version 12.3.05.10000 allows malicious user to access calendar schedule without READ_CALENDAR permission.
Samsung Calendar
4.3
CVSSv3
CVE-2023-33183
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
Nextcloud Calendar
6.5
CVSSv3
CVE-2023-48308
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3
Nextcloud Calendar
6.5
CVSSv3
CVE-2017-15891
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar prior to 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Synology Calendar
5.4
CVSSv3
CVE-2016-10716
The Mail.ru Calendar plugin prior to 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
Mail.ru Calendar
6.5
CVSSv3
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar prior to 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
Synology Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »