Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-13287 Incorrect Default Permissions vulnerability in Synology Router Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
6.5
2019-04-01 CVE-2018-13286 Incorrect Default Permissions vulnerability in Synology Diskstation Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
6.5
2019-04-01 CVE-2018-13285 OS Command Injection vulnerability in Synology Router Manager
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
network
low complexity
synology CWE-78
8.8
2019-04-01 CVE-2018-13284 OS Command Injection vulnerability in Synology Diskstation Manager
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
network
low complexity
synology CWE-78
8.8
2019-04-01 CVE-2018-13283 Unspecified vulnerability in Synology SSL VPN Client
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
network
high complexity
synology
7.4
2019-04-01 CVE-2017-16775 Improper Input Validation vulnerability in Synology SSO Server
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
low complexity
synology CWE-20
6.1
2019-04-01 CVE-2017-16774 Cross-site Scripting vulnerability in Synology Diskstation Manager
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
network
low complexity
synology CWE-79
5.4
2018-12-24 CVE-2018-8920 Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
network
low complexity
synology CWE-116
7.2
2018-12-24 CVE-2018-8919 Information Exposure vulnerability in Synology Diskstation Manager
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
network
low complexity
synology CWE-200
critical
9.8
2018-12-24 CVE-2018-8917 Cross-site Scripting vulnerability in Synology Diskstation Manager
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
network
low complexity
synology CWE-79
5.4