Vulnerabilities > Synology > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-31 | CVE-2018-13281 | Information Exposure vulnerability in Synology Diskstation Manager, Skynas and Vs960Hd Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | 4.3 |
2018-07-30 | CVE-2018-13280 | Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | 5.9 |
2018-07-05 | CVE-2018-8928 | Cross-site Scripting vulnerability in Synology Carddav Server Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 5.4 |
2018-06-14 | CVE-2018-8927 | Incorrect Authorization vulnerability in Synology Calendar Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | 6.5 |
2018-06-05 | CVE-2018-8924 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 5.4 |
2018-06-05 | CVE-2018-8923 | Cross-site Scripting vulnerability in Synology File Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 5.4 |
2018-06-01 | CVE-2018-8922 | Unspecified vulnerability in Synology Drive Server 1.0.210275 Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | 6.5 |
2018-06-01 | CVE-2018-8921 | Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253 Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 5.4 |
2018-05-10 | CVE-2018-8915 | Cross-site Scripting vulnerability in Synology Calendar Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | 5.4 |
2018-05-10 | CVE-2018-8910 | Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240 Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 5.4 |