CPE-B8A8E326-714D-40F7-88CA-5A3C781FB337 Detail

CPE Details

Synology Calendar 1.1.0-0146

Vendor

synology

Product

calendar

Version

1.1.0-0146

Created

2018-06-12
13h06 +00:00

Modified

2018-06-12
13h06 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:synology:calendar:1.1.0-0146:::::::*

Informations

Vendor

synology

Product

calendar

Version

1.1.0-0146

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-27617	2022-08-03 02h15 +00:00	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.	5	Medium
CVE-2022-22686	2022-07-26 01h30 +00:00	Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.	8	High
CVE-2022-22682	2022-07-12 06h20 +00:00	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	6.5	Medium
CVE-2021-34812	2021-06-18 03h00 +00:00	Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.	7.5	High
CVE-2019-11829	2019-06-30 15h05 +00:00	OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.	9.8	Critical
CVE-2019-11825	2019-06-30 15h00 +00:00	Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.	6.5	Medium
CVE-2019-11820	2019-05-09 05h35 +00:00	Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.	5.5	Medium
CVE-2018-13299	2019-04-01 14h31 +00:00	Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.	6.5	Medium
CVE-2018-8927	2018-06-14 14h00 +00:00	Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.	6.5	Medium
CVE-2018-8915	2018-05-10 13h00 +00:00	Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.	6.5	Medium
CVE-2017-15891	2017-12-08 16h00 +00:00	Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.	6.5	Medium

Synology Calendar 1.1.0-0146

CPE Details

CPE Name: cpe:2.3:a:synology:calendar:1.1.0-0146:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:synology:calendar:1.1.0-0146:::::::*