Vulnerabilities (CVE)

Filtered by vendor Synology Subscribe
Filtered by product Drive Server
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8922 1 Synology 1 Drive Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
CVE-2018-8921 1 Synology 1 Drive Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8910 1 Synology 1 Drive Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-13297 1 Synology 1 Drive Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.