Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-13297 Information Exposure vulnerability in Synology Drive Server
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
network
low complexity
synology CWE-200
5.3
2019-04-01 CVE-2018-13296 Resource Exhaustion vulnerability in Synology Mailplus Server
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
network
low complexity
synology CWE-400
7.5
2019-04-01 CVE-2018-13295 Information Exposure vulnerability in Synology Application Service
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.
network
low complexity
synology CWE-200
6.5
2019-04-01 CVE-2018-13294 Information Exposure vulnerability in Synology Application Service
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
network
low complexity
synology CWE-200
6.5
2019-04-01 CVE-2018-13293 Cross-site Scripting vulnerability in Synology Diskstation Manager
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
network
low complexity
synology CWE-79
5.4
2019-04-01 CVE-2018-13292 Information Exposure vulnerability in Synology Router Manager
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-200
4.3
2019-04-01 CVE-2018-13291 Information Exposure vulnerability in Synology Diskstation Manager
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-200
4.3
2019-04-01 CVE-2018-13290 Information Exposure vulnerability in Synology Router Manager
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.
network
low complexity
synology CWE-200
4.3
2019-04-01 CVE-2018-13289 Information Exposure vulnerability in Synology Router Manager
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
network
low complexity
synology CWE-200
5.3
2019-04-01 CVE-2018-13288 Information Exposure vulnerability in Synology File Station
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
network
low complexity
synology CWE-200
5.3