Mika Kulmala

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.3.1-9346-6 **Description** The issue is related to a Path Traversal vulnerability in the cgi component, allowing remote attackers to read specific files via unspecified vectors. **Recommendations** For versions prior to 1.3.1-9346-6, update to version 1.3.1-9346-6 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.3.1-9346-6 **Description** The issue allows remote attackers to obtain sensitive information via unspecified vectors. This is related to the exposure of sensitive information to an unauthorized actor vulnerability in the cgi component. **Recommendations** For Synology Router Manager (SRM) versions prior to 1.3.1-9346-6, update to version 1.3.1-9346-6 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions 1.10.10 and below **Description** A stored XSS issue was discovered in the Chart pages of the "classic" UI. **Recommendations** For Apache Airflow versions 1.10.10 and below, update to a version above 1.10.10 to resolve the issue.