Vulnerabilities > Synology
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-14 | CVE-2018-8927 | Incorrect Authorization vulnerability in Synology Calendar. Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | 6.5 |
2018-06-08 | CVE-2018-8926 | Unspecified vulnerability in Synology Photo Station. Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | 8.8 |
2018-06-08 | CVE-2018-8925 | Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station. Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | 8.8 |
2018-06-08 | CVE-2018-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager. Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | 8.8 |
2018-06-08 | CVE-2017-12078 | Command Injection vulnerability in Synology Router Manager. Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter. | 7.2 |
2018-06-08 | CVE-2017-12075 | Command Injection vulnerability in Synology Diskstation Manager. Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary commands via the username parameter. | 7.2 |
2018-06-05 | CVE-2018-8924 | Cross-site Scripting vulnerability in Synology Office. Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. | 5.4 |
2018-06-05 | CVE-2018-8923 | Cross-site Scripting vulnerability in Synology File Station. Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 5.4 |
2018-06-01 | CVE-2018-8922 | Unspecified vulnerability in Synology Drive Server 1.0.210275. Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | 6.5 |
2018-06-01 | CVE-2018-8921 | Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253. Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. | 5.4 |