Filtered by vendor Synology
Subscribe
Total
298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | |||||
| CVE-2017-16771 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2017-16773 | 1 Synology | 1 Universal Search | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | |||||
| CVE-2017-16772 | 1 Synology | 1 Photo Station | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | |||||
| CVE-2017-15886 | 1 Synology | 1 Chat | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |||||
| CVE-2017-15895 | 1 Synology | 1 Router Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2017-15893 | 1 Synology | 1 File Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2017-15891 | 1 Synology | 1 Calendar | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | |||||
| CVE-2017-15890 | 1 Synology | 1 Mailplus Server | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | |||||
| CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | |||||
| CVE-2017-15892 | 1 Synology | 1 Chat | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | |||||
| CVE-2017-15888 | 1 Synology | 1 Audio Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | |||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | |||||
| CVE-2017-12071 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | |||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | |||||
| CVE-2017-12080 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. | |||||
| CVE-2017-12072 | 1 Synology | 1 Photo Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | |||||
| CVE-2017-12078 | 1 Synology | 1 Router Manager | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | |||||
| CVE-2017-11151 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||