Filtered by vendor Synology
Subscribe
Total
251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | |||||
| CVE-2017-12072 | 1 Synology | 1 Photo Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | |||||
| CVE-2017-12071 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | |||||
| CVE-2017-11162 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | |||||
| CVE-2017-11159 | 2 Microsoft, Synology | 2 Windows, Photo Station Uploader | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||
| CVE-2017-11158 | 2 Microsoft, Synology | 2 Windows, Cloud Station Drive | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2019-10-09 | 6.5 MEDIUM | 7.8 HIGH |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | |||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
| CVE-2017-11153 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | |||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||||
| CVE-2017-11151 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | |||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2016-6554 | 1 Synology | 6 Ds107, Ds107 Firmware, Ds116 and 3 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. | |||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||||
| CVE-2016-10329 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | |||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | |||||
| CVE-2015-9104 | 1 Synology | 1 Audio Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | |||||