Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
| 2019-04-09 | CVE-2019-3870 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. | 6.1 |
| 2019-04-01 | CVE-2018-8913 | Open Redirect vulnerability in Synology web Station Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | 6.1 |
| 2019-04-01 | CVE-2018-13299 | Path Traversal vulnerability in Synology Calendar Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13298 | Unspecified vulnerability in Synology Moments Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | 8.1 |
| 2019-04-01 | CVE-2018-13297 | Information Exposure vulnerability in Synology Drive Server Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | 5.3 |
| 2019-04-01 | CVE-2018-13296 | Resource Exhaustion vulnerability in Synology Mailplus Server Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | 7.5 |
| 2019-04-01 | CVE-2018-13295 | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13294 | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13293 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | 5.4 |