Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-17	CVE-2019-9494	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. network high complexity w1-fi fedoraproject opensuse synology freebsd CWE-203	5.9
2019-04-09	CVE-2019-3870	Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. local low complexity samba fedoraproject synology CWE-276	6.1
2019-04-01	CVE-2018-8913	Open Redirect vulnerability in Synology web Station Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. network low complexity synology CWE-601	6.1
2019-04-01	CVE-2018-13299	Path Traversal vulnerability in Synology Calendar Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. network low complexity synology CWE-22	6.5
2019-04-01	CVE-2018-13297	Information Exposure vulnerability in Synology Drive Server Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. network low complexity synology CWE-200	5.3
2019-04-01	CVE-2018-13295	Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. network low complexity synology CWE-200	6.5
2019-04-01	CVE-2018-13294	Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. network low complexity synology CWE-200	6.5
2019-04-01	CVE-2018-13293	Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. network low complexity synology CWE-79	5.4
2019-04-01	CVE-2018-13292	Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. network low complexity synology CWE-200	4.3
2019-04-01	CVE-2018-13291	Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. network low complexity synology CWE-200	4.3