Skip to main content
CVE-2017-15894 MEDIUM This Month

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Diskstation Manager
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-16854 MEDIUM This Month

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15895 MEDIUM This Month

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-15893 MEDIUM This Month

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology File Station
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-15891 MEDIUM This Month

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Authentication Bypass Calendar
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-11481 MEDIUM This Month

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-10896 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bbr 4Mg Firmware Bbr 4Hg Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-11482 MEDIUM This Month

The Kibana fix for CVE-2017-8451 was found to be incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-10897 MEDIUM PATCH This Month

Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity.

Information Disclosure Bbr 4Mg Firmware Bbr 4Hg Firmware
NVD
CVSS 3.0
4.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy