
Showing topic results for "CVE-2019-1182":

(1-10 of 12)

Attacker Value: Very High

DejaBlue, RDP Heap Overflow

Disclosure Date: August 14, 2019 (last updated February 13, 2020)
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Utility Class: RCE

Attacker Value: Unknown

CVE-2019-11823

Disclosure Date: May 04, 2020 (last updated June 05, 2020)
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11822

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11827

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11825

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11826

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11821

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL commands via the type parameter.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11829

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via a crafted 'X-Real-IP' header.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11828

Disclosure Date: June 30, 2019 (last updated June 05, 2020)
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Attack Vector: Network

Attacker Value: Unknown

CVE-2019-11820

Disclosure Date: May 09, 2019 (last updated June 05, 2020)
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
Attack Vector: Local