Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2018-13304

    In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, relate... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13303

    In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of servi... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-13302

    In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13301

    In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denia... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-13300

    In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a ... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13299

    Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.... Read more

    Affected Products : calendar
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-13298

    Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : moments
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13297

    Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.... Read more

    Affected Products : drive drive_server
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-13296

    Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.... Read more

    Affected Products : mailplus_server
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13295

    Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.... Read more

    Affected Products : application_service
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13294

    Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.... Read more

    Affected Products : application_service
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-13292

    Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-13290

    Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13289

    Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13288

    Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.... Read more

    Affected Products : file_station
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13287

    Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13285

    Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-13283

    Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.... Read more

    Affected Products : ssl_vpn_client
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-13282

    Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.... Read more

    Affected Products : photo_station
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13259

    An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.... Read more

    Affected Products : ubuntu_linux zsh
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294421 Results