Known Vulnerabilities for Carddav Server by Synology

Listed below are 3 of the newest known vulnerabilities associated with "Carddav Server" by "Synology".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2022-27613 json	Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Syn...	8.8 - HIGH	2022-07-28	2022-08-03
CVE-2018-8928 json	Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote au...	5.4 - MEDIUM	2018-07-05	2019-10-09
CVE-2017-15887 json	An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6...	9.8 - CRITICAL	2017-11-07	2019-10-09

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version
Application	Synology	Carddav Server	6.0.9-0087
Application	Synology	Carddav Server	6.0.8-0086
Application	Synology	Carddav Server	6.0.7-0085
Application	Synology	Carddav Server	6.0.6-0083
Application	Synology	Carddav Server	6.0.5-0081
Application	Synology	Carddav Server	6.0.4-0080
Application	Synology	Carddav Server	6.0.3-0078
Application	Synology	Carddav Server	6.0.2-0077
Application	Synology	Carddav Server	6.0.0-0074
Application	Synology	Carddav Server	5.2.0-0028
Application	Synology	Carddav Server	5.2.0-0027
Application	Synology	Carddav Server	5.2.0-0026
Application	Synology	Carddav Server	5.2.0-0021
Application	Synology	Carddav Server	5.2.0-0019