CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13296
https://notcve.org/view.php?id=CVE-2018-13296
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. Una vulnerabilidad de consumo de recursos no controlado en la configuración TLS en Synology MailPlus Server, en versiones anteriores a la 2.0.5-0606, permite a los atacantes remotos realizar ataques de denegación de servicio (DoS) mediante una renegociación iniciada por el cliente. • https://www.synology.com/security/advisory/Synology_SA_18_43 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13295
https://notcve.org/view.php?id=CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. Una vulnerabilidad de exposición de información en SYNO.Personal.Application.Info en Synology Application Service, en versiones anteriores a la 1.5.4-0320, permite a los usuarios remotos autenticados obtener información sensible del sistema mediante el parámetro version. • https://www.synology.com/security/advisory/Synology_SA_18_40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13294
https://notcve.org/view.php?id=CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. Una vulnerabilidad de exposición de información en SYNO.Personal.Profile en Synology Application Service, en versiones anteriores a la 1.5.4-0320, permite a los usuarios remotos autenticados obtener información sensible del sistema mediante el parámetro uid. • https://www.synology.com/security/advisory/Synology_SA_18_40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13293
https://notcve.org/view.php?id=CVE-2018-13293
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en los ajustes SSO del panel de control en Synology DiskStation Manager (DSM), en versiones 6.2.1-23824, permite a los usuarios remotos autenticados inyectar scripts web arbitrarios o HTML mediante el parámetro URL. • https://www.synology.com/security/advisory/Synology_SA_18_51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13291
https://notcve.org/view.php?id=CVE-2018-13291
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. Una vulnerabilidad de exposición de información en /usr/syno/etc/mount.conf en Synology DiskStation Manager (DSM), en versiones anteriores a la 6.2.1-23824, permite a los usuarios remotos autenticados obtener información sensible mediante la configuración de lectura global. • https://www.synology.com/security/advisory/Synology_SA_18_51 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •