Security Vulnerabilities - CVEs Published In June 2018
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-06-01
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-06-01
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
CVSS Score
5.3
EPSS Score
0.005
Published
2018-06-01
Page 179