Filtered by vendor Synology
Subscriptions
Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13291 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | ||||
CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
CVE-2018-13288 | 1 Synology | 1 File Station | 2024-11-21 | N/A |
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
CVE-2018-13284 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
CVE-2018-13283 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A |
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | ||||
CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
CVE-2018-13281 | 1 Synology | 3 Diskstation Manager, Skynas, Vs960hd | 2024-11-21 | N/A |
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | ||||
CVE-2018-13280 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | ||||
CVE-2017-9556 | 1 Synology | 1 Video Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | ||||
CVE-2017-9555 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||
CVE-2017-9554 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | ||||
CVE-2017-9553 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | ||||
CVE-2017-9552 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". | ||||
CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2024-11-21 | 5.6 Medium |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-11-21 | N/A |
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. |