Vulnerabilities > Synology > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-30 CVE-2019-11822 Path Traversal vulnerability in Synology Photo Station
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
network
low complexity
synology CWE-22
6.5
2019-05-09 CVE-2019-11820 Insufficiently Protected Credentials vulnerability in Synology Calendar
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
local
low complexity
synology CWE-522
5.5
2019-04-17 CVE-2019-9494 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.
5.9
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
2019-04-01 CVE-2018-8913 Open Redirect vulnerability in Synology web Station
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
network
low complexity
synology CWE-601
6.1
2019-04-01 CVE-2018-13299 Path Traversal vulnerability in Synology Calendar
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
network
low complexity
synology CWE-22
6.5
2019-04-01 CVE-2018-13297 Information Exposure vulnerability in Synology Drive Server
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
network
low complexity
synology CWE-200
5.3
2019-04-01 CVE-2018-13295 Information Exposure vulnerability in Synology Application Service
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.
network
low complexity
synology CWE-200
6.5
2019-04-01 CVE-2018-13294 Information Exposure vulnerability in Synology Application Service
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
network
low complexity
synology CWE-200
6.5
2019-04-01 CVE-2018-13293 Cross-site Scripting vulnerability in Synology Diskstation Manager
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
network
low complexity
synology CWE-79
5.4