Vulnerabilities > Synology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-13296 | Resource Exhaustion vulnerability in Synology Mailplus Server Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | 7.5 |
| 2019-04-01 | CVE-2018-13285 | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2018-13284 | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2018-13283 | Unspecified vulnerability in Synology SSL VPN Client Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | 7.4 |
| 2018-12-24 | CVE-2018-8920 | Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | 7.2 |
| 2018-07-06 | CVE-2018-8929 | Channel and Path Errors vulnerability in Synology SSL VPN Client Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | 8.1 |
| 2018-07-05 | CVE-2017-16773 | Incorrect Authorization vulnerability in Synology Universal Search Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | 8.8 |
| 2018-06-08 | CVE-2018-8926 | Unspecified vulnerability in Synology Photo Station Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | 8.8 |
| 2018-06-08 | CVE-2018-8925 | Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | 8.8 |
| 2018-06-08 | CVE-2018-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | 8.8 |