Filtered by vendor Synology
Subscriptions
Total
251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-13298 | 1 Synology | 1 Moments | 2024-09-17 | N/A |
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2017-11155 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | ||||
CVE-2021-26564 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2024-09-17 | 8.3 High |
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | ||||
CVE-2022-27612 | 1 Synology | 1 Audio Station | 2024-09-17 | 7.3 High |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | ||||
CVE-2017-11154 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | ||||
CVE-2020-27655 | 1 Synology | 1 Router Manager | 2024-09-17 | 6.5 Medium |
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | ||||
CVE-2022-22682 | 1 Synology | 1 Calendar | 2024-09-17 | 6.5 Medium |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2021-43928 | 1 Synology | 1 Mail Station | 2024-09-17 | 9.9 Critical |
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-09-17 | N/A |
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | ||||
CVE-2018-13288 | 1 Synology | 1 File Station | 2024-09-17 | N/A |
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
CVE-2018-8920 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 7.2 High |
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | ||||
CVE-2018-13281 | 1 Synology | 3 Diskstation Manager, Skynas, Vs960hd | 2024-09-16 | N/A |
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | ||||
CVE-2018-8921 | 1 Synology | 1 Drive | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | ||||
CVE-2020-27657 | 1 Synology | 1 Router Manager | 2024-09-16 | 6.5 Medium |
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | ||||
CVE-2018-8915 | 1 Synology | 1 Calendar | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | ||||
CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-09-16 | N/A |
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | ||||
CVE-2018-8910 | 1 Synology | 1 Drive | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | ||||
CVE-2016-10322 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. |