Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology note station vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-27619
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client prior to 2.2.2-609 allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Synology Note Station
3.5
CVSSv2
CVE-2019-11827
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station prior to 2.5.3-0863 allows remote malicious users to inject arbitrary web script or HTML via the object_id parameter.
Synology Note Station
4.3
CVSSv2
CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
1 Article
4.3
CVSSv2
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
6.8
CVSSv2
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
6.8
CVSSv2
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
3.5
CVSSv2
CVE-2018-8912
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station prior to 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
Synology Note Station
3.5
CVSSv2
CVE-2018-8911
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station prior to 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Synology Note Station
3.5
CVSSv2
CVE-2015-9103
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and previous versions allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
Synology Note Station
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started