Filtered by vendor Synology
Subscriptions
Total
251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15890 | 1 Synology | 1 Mailplus Server | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | ||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | ||||
| CVE-2021-27646 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 9.8 Critical |
| Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | ||||
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
| CVE-2017-16771 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | N/A |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | ||||
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2024-09-16 | N/A |
| Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | ||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | ||||
| CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | ||||
| CVE-2018-13283 | 1 Synology | 1 Ssl Vpn Client | 2024-09-16 | N/A |
| Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | ||||
| CVE-2018-8924 | 1 Synology | 1 Office | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | ||||
| CVE-2022-27616 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2019-11829 | 1 Synology | 1 Calendar | 2024-09-16 | 7.3 High |
| OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | ||||
| CVE-2017-11159 | 2 Microsoft, Synology | 2 Windows, Photo Station Uploader | 2024-09-16 | N/A |
| Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | ||||
| CVE-2022-43748 | 1 Synology | 1 Presto File Server | 2024-09-16 | 5.8 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
| CVE-2021-34811 | 1 Synology | 1 Download Station | 2024-09-16 | 5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
| CVE-2022-22684 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2024-09-16 | N/A |
| Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | ||||
| CVE-2017-11153 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | ||||