Filtered by vendor Synology Subscriptions
Filtered by product Disk Station Ds1010\+ Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-3684 1 Synology 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more 2024-11-21 N/A
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
CVE-2010-2453 1 Synology 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.