Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for MailPlus Server by Synology

    VAR-201712-0197

    Vulnerability from variot - Updated: 2025-04-20 23:29

    Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Synology MailPlus Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology MailPlus Server is an email service suite from Synology. The product supports the management of user accounts, mail records, etc. Disclaimer is one of the disclaimer modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0197",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mailplus server",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "synology",
            "version": "1.4.0-0415"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:synology:mailplus_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          }
        ]
      },
      "cve": "CVE-2017-15890",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-15890",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-106758",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-15890",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-15890",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-15890",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-1151",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-106758",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Synology MailPlus Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology MailPlus Server is an email service suite from Synology. The product supports the management of user accounts, mail records, etc. Disclaimer is one of the disclaimer modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15890",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-106758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "id": "VAR-201712-0197",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:29:31.033000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-17:75",
            "trust": 0.8,
            "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
          },
          {
            "title": "Synology MailPlus Server Disclaimer Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100123"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/en-global/support/security/synology_sa_17_75"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15890"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15890"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "date": "2018-01-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "date": "2017-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "date": "2017-12-15T15:29:00.197000",
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106758"
          },
          {
            "date": "2018-01-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-15890"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology MailPlus Server Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011498"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1151"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201712-0381

    Vulnerability from variot - Updated: 2025-04-20 23:03

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. Synology MailPlus Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology MailPlus Server is an email service suite from Synology. The product supports the management of user accounts, mail records, etc. User Policy editor is one of the user policy editors

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0381",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mailplus server",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "synology",
            "version": "1.4.0-0415"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:synology:mailplus_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          }
        ]
      },
      "cve": "CVE-2017-16768",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-16768",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-107723",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-16768",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-16768",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-16768",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-961",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-107723",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. Synology MailPlus Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology MailPlus Server is an email service suite from Synology. The product supports the management of user accounts, mail records, etc. User Policy editor is one of the user policy editors",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16768",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-107723",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "id": "VAR-201712-0381",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:03:54.736000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-17:81",
            "trust": 0.8,
            "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_81"
          },
          {
            "title": "Synology MailPlus Server User Policy Fixes for editor cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77350"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/en-global/support/security/synology_sa_17_81"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16768"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16768"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "date": "2018-01-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "date": "2017-12-27T17:29:00.323000",
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-107723"
          },
          {
            "date": "2018-01-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          },
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-16768"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology MailPlus Server Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011768"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-961"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0611

    Vulnerability from variot - Updated: 2024-11-23 22:48

    Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. Synology MailPlus Server Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Synology MailPlus Server is an email service suite provided by Synology, Taiwan, China. The product supports the management of user accounts, mail records, etc. There is a security vulnerability in the TLS configuration in Synology MailPlus Server versions earlier than 2.0.5-0606. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0611",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mailplus server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "synology",
            "version": "2.0.5-0606"
          },
          {
            "model": "mailplus server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "synology",
            "version": "2.0.5-0606"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:synology:mailplus_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          }
        ]
      },
      "cve": "CVE-2018-13296",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-13296",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-123341",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-13296",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-13296",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security@synology.com",
                "id": "CVE-2018-13296",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-13296",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-035",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-123341",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. Synology MailPlus Server Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Synology MailPlus Server is an email service suite provided by Synology, Taiwan, China. The product supports the management of user accounts, mail records, etc. There is a security vulnerability in the TLS configuration in Synology MailPlus Server versions earlier than 2.0.5-0606. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13296",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-123341",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "id": "VAR-201904-0611",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:48:24.804000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-18:43 MailPlus Server",
            "trust": 0.8,
            "url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_43"
          },
          {
            "title": "Synology MailPlus Server Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90947"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/security/advisory/synology_sa_18_43"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13296"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13296"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "date": "2019-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "date": "2019-04-01T15:29:00.780000",
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123341"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          },
          {
            "date": "2024-11-21T03:46:47.050000",
            "db": "NVD",
            "id": "CVE-2018-13296"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology MailPlus Server Vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015170"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-035"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-13296 (GCVE-0-2018-13296)

    Vulnerability from nvd – Published: 2019-04-01 14:29 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption (CWE-400)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology MailPlus Server Affected: unspecified , < 2.0.5-0606 (custom)
    Create a notification for this product.
    Date Public
    2019-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:34.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailPlus Server",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "2.0.5-0606",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption (CWE-400)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-01T14:29:55.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2019-03-31T00:00:00",
              "ID": "CVE-2018-13296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailPlus Server",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.0.5-0606"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Resource Consumption (CWE-400)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_18_43",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2018-13296",
        "datePublished": "2019-04-01T14:29:55.085Z",
        "dateReserved": "2018-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:41.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15890 (GCVE-0-2017-15890)

    Vulnerability from nvd – Published: 2017-12-15 15:00 – Updated: 2024-09-16 18:56
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology MailPlus Server Affected: before 1.4.0-0415
    Create a notification for this product.
    Date Public
    2017-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:04:50.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailPlus Server",
              "vendor": "Synology",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.0-0415"
                }
              ]
            }
          ],
          "datePublic": "2017-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T14:57:01.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2017-11-24T00:00:00",
              "ID": "CVE-2017-15890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailPlus Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.0-0415"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_75",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2017-15890",
        "datePublished": "2017-12-15T15:00:00.000Z",
        "dateReserved": "2017-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:56:25.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13296 (GCVE-0-2018-13296)

    Vulnerability from cvelistv5 – Published: 2019-04-01 14:29 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption (CWE-400)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology MailPlus Server Affected: unspecified , < 2.0.5-0606 (custom)
    Create a notification for this product.
    Date Public
    2019-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:34.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailPlus Server",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "2.0.5-0606",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption (CWE-400)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-01T14:29:55.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2019-03-31T00:00:00",
              "ID": "CVE-2018-13296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailPlus Server",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.0.5-0606"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Resource Consumption (CWE-400)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_18_43",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_18_43"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2018-13296",
        "datePublished": "2019-04-01T14:29:55.085Z",
        "dateReserved": "2018-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:41.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15890 (GCVE-0-2017-15890)

    Vulnerability from cvelistv5 – Published: 2017-12-15 15:00 – Updated: 2024-09-16 18:56
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology MailPlus Server Affected: before 1.4.0-0415
    Create a notification for this product.
    Date Public
    2017-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:04:50.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailPlus Server",
              "vendor": "Synology",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.0-0415"
                }
              ]
            }
          ],
          "datePublic": "2017-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T14:57:01.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2017-11-24T00:00:00",
              "ID": "CVE-2017-15890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailPlus Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.0-0415"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_75",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_75"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2017-15890",
        "datePublished": "2017-12-15T15:00:00.000Z",
        "dateReserved": "2017-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:56:25.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }