Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-13 | CVE-2019-9516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. | 6.5 |
| 2019-08-13 | CVE-2019-9515 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9514 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9511 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. | 7.5 |
| 2019-06-30 | CVE-2019-11829 | OS Command Injection vulnerability in Synology Calendar OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | 9.8 |
| 2019-06-30 | CVE-2019-11828 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2019-06-30 | CVE-2019-11827 | Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | 5.4 |
| 2019-06-30 | CVE-2019-11826 | Path Traversal vulnerability in Synology Moments Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | 8.8 |
| 2019-06-30 | CVE-2019-11825 | Cross-site Scripting vulnerability in Synology Calendar Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 5.4 |