CVE-2018-13299

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. Source: NIST CVE-2018-13299

CVE-2017-16774

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. Source: NIST …

CVE-2017-16775

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Source: NIST CVE-2017-16775

CVE-2018-13298

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. Source: NIST CVE-2018-13298

CVE-2018-13297

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. Source: NIST CVE-2018-13297

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the …

CVE-2018-8913

Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. Source: NIST CVE-2018-8913

CVE-2018-13286

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Source: NIST CVE-2018-13286

CVE-2018-13284

Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Source: …

CVE-2018-13292

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. Source: NIST CVE-2018-13292