Vulnerabilities > Synology > Audio Station

DATE CVE VULNERABILITY TITLE RISK
2022-07-28 CVE-2022-27611 Unspecified vulnerability in Synology Audio Station
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1
2022-07-28 CVE-2022-27612 Classic Buffer Overflow vulnerability in Synology Audio Station
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-120
critical
9.8
2017-10-30 CVE-2017-15888 Cross-site Scripting vulnerability in Synology Audio Station
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
5.4
2017-06-30 CVE-2015-9104 Cross-site Scripting vulnerability in Synology Audio Station
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.
network
low complexity
synology CWE-79
5.4