Filtered by vendor Synology
Subscriptions
Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-11-21 | N/A |
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | ||||
CVE-2017-16772 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | ||||
CVE-2017-16771 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2024-11-21 | N/A |
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | ||||
CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | ||||
CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | ||||
CVE-2017-16767 | 1 Synology | 1 Surveillance Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | ||||
CVE-2017-16766 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | ||||
CVE-2017-15895 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2017-15894 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2017-15893 | 1 Synology | 1 File Station | 2024-11-21 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2017-15892 | 1 Synology | 1 Chat | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | ||||
CVE-2017-15891 | 1 Synology | 1 Calendar | 2024-11-21 | N/A |
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | ||||
CVE-2017-15890 | 1 Synology | 1 Mailplus Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | ||||
CVE-2017-15889 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | ||||
CVE-2017-15888 | 1 Synology | 1 Audio Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | ||||
CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A |
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | ||||
CVE-2017-15886 | 1 Synology | 1 Chat | 2024-11-21 | N/A |
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | ||||
CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 35 Eos, Arubaos, Ubuntu Linux and 32 more | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | ||||
CVE-2017-12080 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. |