Skip to main content

Carddav Server

3 CVEs product

Monthly

CVE-2022-27613 HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SQLi Carddav Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-8928 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Carddav Server
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2017-15887 CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Carddav Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SQLi Carddav Server
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Carddav Server
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Carddav Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy