Vulnerabilities > Synology

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-14	CVE-2018-8927	Incorrect Authorization vulnerability in Synology Calendar Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. network low complexity synology CWE-863	6.5
2018-06-08	CVE-2018-8926	Unspecified vulnerability in Synology Photo Station Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. network low complexity synology	8.8
2018-06-08	CVE-2018-8925	Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. network low complexity synology CWE-352	8.8
2018-06-08	CVE-2018-8916	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. network low complexity synology CWE-640	8.8
2018-06-08	CVE-2017-12078	Command Injection vulnerability in Synology Router Manager Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. network low complexity synology CWE-77	7.2
2018-06-08	CVE-2017-12075	Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. network low complexity synology CWE-77	7.2
2018-06-05	CVE-2018-8924	Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. network low complexity synology CWE-79	5.4
2018-06-05	CVE-2018-8923	Cross-site Scripting vulnerability in Synology File Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network low complexity synology CWE-79	5.4
2018-06-01	CVE-2018-8922	Unspecified vulnerability in Synology Drive Server 1.0.210275 Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. network low complexity synology	6.5
2018-06-01	CVE-2018-8921	Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253 Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. network low complexity synology CWE-79	5.4

Vulnerabilities > Synology {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Synology"}]}

Vulnerabilities > Synology