CVE-2024-50631
- EPSS 0.06%
- Published 19.03.2025 05:50:08
- Last modified 19.03.2025 06:15:15
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQ...
CVE-2024-50630
- EPSS 0.08%
- Published 19.03.2025 05:50:05
- Last modified 19.03.2025 06:15:15
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vecto...
CVE-2018-13297
- EPSS 0.36%
- Published 01.04.2019 15:29:00
- Last modified 21.11.2024 03:46:47
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
CVE-2018-8921
- EPSS 0.13%
- Published 01.06.2018 13:29:00
- Last modified 21.11.2024 04:14:36
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8922
- EPSS 0.16%
- Published 01.06.2018 13:29:00
- Last modified 21.11.2024 04:14:36
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
CVE-2018-8910
- EPSS 0.19%
- Published 10.05.2018 13:29:00
- Last modified 21.11.2024 04:14:35
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.