Vulnerabilities > Synology > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-13299 | Path Traversal vulnerability in Synology Calendar Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13297 | Information Exposure vulnerability in Synology Drive Server Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | 5.3 |
| 2019-04-01 | CVE-2018-13295 | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13294 | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | 6.5 |
| 2019-04-01 | CVE-2018-13293 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | 5.4 |
| 2019-04-01 | CVE-2018-13292 | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.3 |
| 2019-04-01 | CVE-2018-13291 | Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.3 |
| 2019-04-01 | CVE-2018-13290 | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | 4.3 |
| 2019-04-01 | CVE-2018-13289 | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.3 |
| 2019-04-01 | CVE-2018-13288 | Information Exposure vulnerability in Synology File Station Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.3 |