Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2019
CVE-2018-13291
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-04-01
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-04-01
CVE-2018-13293
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVSS Score
5.9
EPSS Score
0.001
Published
2019-04-01
CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-04-01
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-04-01
CVE-2018-13296
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-04-01
CVE-2018-13297
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-04-01
CVE-2018-13298
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVSS Score
4.2
EPSS Score
0.003
Published
2019-04-01
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-04-01
CVE-2018-8913
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
CVSS Score
7.1
EPSS Score
0.002
Published
2019-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved