Vulnerabilities > Synology

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-05	CVE-2018-8924	Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. network synology CWE-79	3.5
2018-06-05	CVE-2018-8923	Cross-site Scripting vulnerability in Synology File Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network synology CWE-79	3.5
2018-06-01	CVE-2018-8922	Unspecified vulnerability in Synology Drive 1.0.210275 Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. network low complexity synology	4.0
2018-06-01	CVE-2018-8921	Cross-site Scripting vulnerability in Synology Drive 1.0.010240/1.0.110253 Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. network synology CWE-79	3.5
2018-05-10	CVE-2018-8915	Cross-site Scripting vulnerability in Synology Calendar Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. network synology CWE-79	3.5
2018-05-10	CVE-2018-8914	SQL Injection vulnerability in Synology Media Server SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. network low complexity synology CWE-89	7.5
2018-05-10	CVE-2018-8910	Cross-site Scripting vulnerability in Synology Drive 1.0.010240 Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network synology CWE-79	3.5
2018-05-09	CVE-2018-8912	Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. network synology CWE-79	3.5
2018-05-09	CVE-2018-8911	Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network synology CWE-79	3.5
2018-05-08	CVE-2018-8897	Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. local low complexity debian canonical redhat citrix synology apple xen freebsd CWE-362	7.2

Vulnerabilities > Synology {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Synology"}]}

Vulnerabilities > Synology