Filtered by vendor Synology
Subscriptions
Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11827 | 1 Synology | 1 Note Station | 2024-11-21 | 6.5 Medium |
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | ||||
CVE-2019-11826 | 1 Synology | 1 Moments | 2024-11-21 | 8 High |
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | ||||
CVE-2019-11825 | 1 Synology | 1 Calendar | 2024-11-21 | 6.5 Medium |
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-11-21 | 8.6 High |
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | ||||
CVE-2019-11822 | 1 Synology | 1 Photo Station | 2024-11-21 | 4.3 Medium |
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | ||||
CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.3 High |
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | ||||
CVE-2019-11820 | 1 Synology | 1 Calendar | 2024-11-21 | 5.5 Medium |
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | ||||
CVE-2018-8929 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A |
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | ||||
CVE-2018-8928 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | ||||
CVE-2018-8927 | 1 Synology | 1 Calendar | 2024-11-21 | N/A |
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | ||||
CVE-2018-8926 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | ||||
CVE-2018-8925 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | ||||
CVE-2018-8924 | 1 Synology | 1 Office | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | ||||
CVE-2018-8923 | 1 Synology | 1 File Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | ||||
CVE-2018-8922 | 1 Synology | 1 Drive Server | 2024-11-21 | N/A |
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | ||||
CVE-2018-8921 | 1 Synology | 1 Drive Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | ||||
CVE-2018-8920 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 7.2 High |
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | ||||
CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | ||||
CVE-2018-8918 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
CVE-2018-8917 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. |