Vulnerabilities > Synology > Drive Server

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-13297 Information Exposure vulnerability in Synology Drive Server
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
network
low complexity
synology CWE-200
5.3
2018-06-01 CVE-2018-8922 Unspecified vulnerability in Synology Drive Server 1.0.210275
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
network
low complexity
synology
6.5
2018-06-01 CVE-2018-8921 Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
network
low complexity
synology CWE-79
5.4
2018-05-10 CVE-2018-8910 Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
network
low complexity
synology CWE-79
5.4