Filtered by vendor Synology
Subscribe
Total
297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8912 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | |||||
| CVE-2018-8911 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8910 | 1 Synology | 1 Drive Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8897 | 8 Apple, Canonical, Citrix and 5 more | 11 Mac Os X, Ubuntu Linux, Xenserver and 8 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. | |||||
| CVE-2018-13299 | 1 Synology | 1 Calendar | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | |||||
| CVE-2018-13298 | 1 Synology | 1 Moments | 2024-11-21 | 6.8 MEDIUM | 4.2 MEDIUM |
| Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-13297 | 1 Synology | 1 Drive Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | |||||
| CVE-2018-13296 | 1 Synology | 1 Mailplus Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | |||||
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | |||||
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | |||||
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | |||||
| CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | |||||
| CVE-2018-13288 | 1 Synology | 1 File Station | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | |||||
| CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | 9.0 HIGH | 7.5 HIGH |
| Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | |||||
| CVE-2018-13283 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | |||||
| CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||||
| CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-11-21 | 6.5 MEDIUM | 6.5 MEDIUM |
| Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | |||||