CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52946
https://notcve.org/view.php?id=CVE-2023-52946
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13297
https://notcve.org/view.php?id=CVE-2018-13297
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. Vulnerabilidad de exposición de la información en la función SYNO.SynologyDrive.Files en Synology Drive anterior a la versión 1.1.2-10562 permite a los atacantes remotos obtener información confidencial del sistema por medio del parámetro dsm_path. • https://www.synology.com/security/advisory/Synology_SA_18_50 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8921
https://notcve.org/view.php?id=CVE-2018-8921
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. Vulnerabilidad de Cross-Site Scripting (XSS) en File Sharing Notify Toast en Synology Drive en versiones anteriores a la 1.0.2-10275 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante un nombre de archivo malicioso. • https://www.synology.com/en-global/support/security/Synology_SA_18_11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8922
https://notcve.org/view.php?id=CVE-2018-8922
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. Vulnerabilidad de control de acceso incorrecto en Synology Drive en versiones anteriores a la 1.0.2-10275 permite que usuarios autenticados remotos accedan a archivos no compartidos o a carpetas mediante vectores sin especificar. • https://www.synology.com/en-global/support/security/Synology_SA_18_11 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8910
https://notcve.org/view.php?id=CVE-2018-8910
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Vulnerabilidad de Cross-Site Scripting (XSS) en Attachment Preview en Synology Drive en versiones anteriores a la 1.0.1-10253 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante adjuntos maliciosos. • https://www.synology.com/en-global/support/security/Synology_SA_18_05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •