Filtered by vendor Synology
Total: 251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2018-13293 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | N/A | Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. |
CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | N/A | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. |
CVE-2017-15893 | 1 Synology | 1 File Station | 2024-09-17 | N/A | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. |
CVE-2017-12071 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. |
CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 7.4 High | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. |
CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-09-17 | N/A | Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A | Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. |
CVE-2022-22685 | 1 Synology | 1 Webdav Server | 2024-09-17 | 8.7 High | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. |
CVE-2022-27621 | 1 Synology | 2 Diskstation Manager, Usb Copy | 2024-09-17 | 5.5 Medium | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. |
CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-09-17 | 7.3 High | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. |
CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A | Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. |
CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-09-17 | 8.3 High | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. |
CVE-2017-12072 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. |
CVE-2021-34812 | 1 Synology | 1 Calendar | 2024-09-17 | 5.8 Medium | Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. |
CVE-2021-26560 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2024-09-17 | 9 Critical | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. |
CVE-2021-26565 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2024-09-17 | 8.3 High | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. |
CVE-2017-11150 | 1 Synology | 1 Office | 2024-09-17 | N/A | Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. |
CVE-2022-43749 | 1 Synology | 1 Presto File Server | 2024-09-17 | 4.3 Medium | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. |
CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 8.8 High | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. |
CVE-2017-15888 | 1 Synology | 1 Audio Station | 2024-09-17 | N/A | Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. |