Synology Calendar

By the Year

In 2024 there have been 0 vulnerabilities in Synology Calendar. Calendar did not have any published security vulnerabilities last year.

Year | Vulnerabilities | Average Score
2024 | 0 | 0.00
2023 | 0 | 0.00
2022 | 2 | 6.70
2021 | 1 | 7.50
2020 | 0 | 0.00
2019 | 4 | 6.80
2018 | 2 | 5.95

It may take a day or so for new Calendar vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Synology Calendar Security Vulnerabilities

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631

CVE-2022-22686 8 - High - July 26, 2022

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

Session Riding

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930

CVE-2022-22682 5.4 - Medium - July 12, 2022

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

XSS

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761

CVE-2021-34812 7.5 - High - June 18, 2021

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

Use of Hard-coded Credentials

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615

CVE-2019-11825 5.4 - Medium - June 30, 2019

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

XSS

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617

CVE-2019-11829 9.8 - Critical - June 30, 2019

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

Shell injection

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620

CVE-2019-11820 5.5 - Medium - May 09, 2019

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

Insufficiently Protected Credentials

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532

CVE-2018-13299 6.5 - Medium - April 01, 2019

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

Directory traversal

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511

CVE-2018-8927 6.5 - Medium - June 14, 2018

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

AuthZ

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502

CVE-2018-8915 5.4 - Medium - May 10, 2018

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

XSS
