Note: This list may be incomplete. Data is provided without warranty in its original format.
8.8
CVE-2022-27613
- EPSS 0.58%
- Published 28.07.2022 07:15:07
- Last modified 21.11.2024 06:56:01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
5.4
CVE-2018-8928
- EPSS 0.13%
- Published 05.07.2018 13:29:00
- Last modified 21.11.2024 04:14:37
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name para...
9.8
CVE-2017-15887
- EPSS 0.42%
- Published 07.11.2017 15:29:00
- Last modified 20.04.2025 01:37:25
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.