CVE-2019-5889
A log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.
Source: CVE-2019-5889
CVE-2019-5888
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.
Source: CVE-2019-5888
CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Source: CVE-2019-3876
CVE-2019-3836
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Source: CVE-2019-3836
CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
Source: CVE-2018-13294
CVE-2018-13284
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Source: CVE-2018-13284
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.
Source: CVE-2018-13295
CVE-2018-13286
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Source: CVE-2018-13286
CVE-2018-13296
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
Source: CVE-2018-13296
CVE-2018-13288
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Source: CVE-2018-13288