Filtered by vendor Synology
Subscriptions
Total
251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-09-17 | 7.1 High |
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
CVE-2021-26566 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2024-09-17 | 8.3 High |
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | ||||
CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 4.7 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
CVE-2020-8623 | 8 Canonical, Debian, Fedoraproject and 5 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-09-17 | 7.5 High |
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | ||||
CVE-2022-27624 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2024-09-17 | 10 Critical |
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
CVE-2015-9102 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | ||||
CVE-2018-8918 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
CVE-2015-9103 | 1 Synology | 1 Note Station | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | ||||
CVE-2019-11828 | 1 Synology | 1 Office | 2024-09-17 | 5.5 Medium |
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-12078 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | ||||
CVE-2017-11148 | 1 Synology | 1 Chat | 2024-09-17 | N/A |
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
CVE-2022-27619 | 1 Synology | 1 Note Station | 2024-09-17 | 6.8 Medium |
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2021-29083 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 7.2 High |
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | ||||
CVE-2019-11822 | 1 Synology | 1 Photo Station | 2024-09-17 | 4.3 Medium |
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | ||||
CVE-2018-8928 | 1 Synology | 1 Carddav Server | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | ||||
CVE-2015-9104 | 1 Synology | 1 Audio Station | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | ||||
CVE-2017-11158 | 2 Microsoft, Synology | 2 Windows, Cloud Station Drive | 2024-09-17 | N/A |
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | ||||
CVE-2018-8912 | 1 Synology | 1 Note Station | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | ||||
CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 6.5 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
CVE-2022-27622 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 4.1 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. |