Vulnerabilities > Synology > Audio Station
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-28 | CVE-2022-27611 | Unspecified vulnerability in Synology Audio Station Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 8.1 |
2022-07-28 | CVE-2022-27612 | Classic Buffer Overflow vulnerability in Synology Audio Station Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | 9.8 |
2017-10-30 | CVE-2017-15888 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | 5.4 |
2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 5.4 |