Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-10	CVE-2018-8915	Cross-site Scripting vulnerability in Synology Calendar Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. network low complexity synology CWE-79	5.4
2018-05-10	CVE-2018-8910	Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240 Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network low complexity synology CWE-79	5.4
2018-05-09	CVE-2018-8912	Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. network low complexity synology CWE-79	5.4
2018-05-09	CVE-2018-8911	Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. network low complexity synology CWE-79	5.4
2018-03-22	CVE-2017-16771	Cross-site Scripting vulnerability in Synology Photo Station Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network low complexity synology CWE-79	6.1
2018-03-06	CVE-2018-7170	ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. network high complexity ntp synology netapp hpe	5.3
2018-02-27	CVE-2017-16770	Information Exposure vulnerability in Synology Surveillance Station File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. network low complexity synology CWE-200	6.5
2018-02-27	CVE-2017-16767	Cross-site Scripting vulnerability in Synology Surveillance Station Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. network low complexity synology CWE-79	5.4
2018-02-23	CVE-2017-16769	Information Exposure vulnerability in Synology Photo Station 6.8.13458 Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. network low complexity synology CWE-200	5.3
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6