CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16770
https://notcve.org/view.php?id=CVE-2017-16770
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. Vulnerabilidad de exposición de información de archivos y directorios en SYNO.SurveillanceStation.PersonalSettings.Photo en Synology Surveillance Station, en versiones anteriores a la 8.1.2-5469, permite que usuarios autenticados remotos obtengan los archivos sensibles de otros usuarios mediante el parámetro filename. • https://www.synology.com/en-global/support/security/Synology_SA_17_77 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16767
https://notcve.org/view.php?id=CVE-2017-16767
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en User Profile en Synology Surveillance Station en versiones anteriores a la 8.1.2-5469 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro userDesc. • https://www.synology.com/en-global/support/security/Synology_SA_17_77 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16769
https://notcve.org/view.php?id=CVE-2017-16769
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. Vulnerabilidad de exposición de información privada en Photo Viewer en Synology Photo Station 6.8.1-3458 permite que atacantes remotos obtengan metadatos de fotografías protegidas con contraseña mediante el modo de vista de mapa. • https://www.synology.com/en-global/support/security/Synology_SA_17_76 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 97%CPEs: 1467EXPL: 3CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15892
https://notcve.org/view.php?id=CVE-2017-15892
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Slash Command Creator en Synology Chat, en versiones anteriores a la 2.0.0-1124 permiten que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante los parámetros (1) COMMAND, (2) COMMANDS INSTRUCTION o (3) DESCRIPTION. • https://www.synology.com/en-global/support/security/Synology_SA_17_78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •