Synology Calendar 2.3.1-0617

CPE Details

Synology Calendar 2.3.1-0617
synology
calendar
2.3.1-0617
2019-05-09
12h26 +00:00
2019-05-09
12h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:synology:calendar:2.3.1-0617:*:*:*:*:*:*:*

Informations

Vendor

synology

Product

calendar

Version

2.3.1-0617

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-27617 2022-08-03 02h15 +00:00 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
5
Medium
CVE-2022-22686 2022-07-26 01h30 +00:00 Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
8
High
CVE-2022-22682 2022-07-12 06h20 +00:00 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
6.5
Medium
CVE-2021-34812 2021-06-18 03h00 +00:00 Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
7.5
High
CVE-2019-11820 2019-05-09 05h35 +00:00 Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
5.5
Medium