Filtered by vendor Synology
Subscriptions
Total
251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-8923 | 1 Synology | 1 File Station | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | ||||
CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2024-09-16 | N/A |
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | ||||
CVE-2021-29085 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2024-09-16 | 8.6 High |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2021-29089 | 1 Synology | 1 Photo Station | 2024-09-16 | 9.8 Critical |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2021-43929 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 6.5 Medium |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-15886 | 1 Synology | 1 Chat | 2024-09-16 | N/A |
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | ||||
CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 4.7 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
CVE-2017-15891 | 1 Synology | 1 Calendar | 2024-09-16 | N/A |
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | ||||
CVE-2017-12077 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
CVE-2017-11149 | 1 Synology | 1 Download Station | 2024-09-16 | N/A |
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | ||||
CVE-2018-8929 | 1 Synology | 1 Ssl Vpn Client | 2024-09-16 | N/A |
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | ||||
CVE-2017-11152 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | ||||
CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2024-09-16 | 8.3 High |
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2021-43927 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 4.7 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 7.8 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
CVE-2021-27647 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 9.8 Critical |
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | ||||
CVE-2019-11820 | 1 Synology | 1 Calendar | 2024-09-16 | 5.5 Medium |
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | ||||
CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
CVE-2022-27610 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 6.5 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. |