CVE-2018-8917
- EPSS 0.8%
- Veröffentlicht 24.12.2018 15:29:00
- Zuletzt bearbeitet 14.01.2025 19:29:55
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-8919
- EPSS 1.44%
- Veröffentlicht 24.12.2018 15:29:00
- Zuletzt bearbeitet 14.01.2025 19:29:55
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
- EPSS 86.54%
- Veröffentlicht 20.12.2018 21:29:00
- Zuletzt bearbeitet 13.02.2026 20:16:11
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio...
CVE-2018-13281
- EPSS 1.18%
- Veröffentlicht 31.10.2018 16:29:00
- Zuletzt bearbeitet 14.01.2025 19:29:55
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
CVE-2018-13280
- EPSS 0.63%
- Veröffentlicht 30.07.2018 14:29:03
- Zuletzt bearbeitet 14.01.2025 19:29:55
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
CVE-2018-8916
- EPSS 0.98%
- Veröffentlicht 08.06.2018 13:29:01
- Zuletzt bearbeitet 14.01.2025 19:29:55
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVE-2017-12075
- EPSS 1.94%
- Veröffentlicht 08.06.2018 13:29:00
- Zuletzt bearbeitet 14.01.2025 19:29:55
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2018-8897
- EPSS 18.26%
- Veröffentlicht 08.05.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:33
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that ...
CVE-2018-7185
- EPSS 9.24%
- Veröffentlicht 06.03.2018 20:29:01
- Zuletzt bearbeitet 14.01.2025 19:29:55
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...
CVE-2018-7184
- EPSS 8.86%
- Veröffentlicht 06.03.2018 20:29:01
- Zuletzt bearbeitet 14.01.2025 19:29:55
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset ...