CVE-2022-27613
https://notcve.org/view.php?id=CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
• https://www.synology.com/security/advisory/Synology_SA_21_06
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-8928
https://notcve.org/view.php?id=CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
• https://www.synology.com/en-global/support/security/Synology_SA_18_10
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15887
https://notcve.org/view.php?id=CVE-2017-15887
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
• https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server
• CWE-307: Improper Restriction of Excessive Authentication Attempts