Vulnerabilities > Synology > Media Server > 1.4.2642

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-34808 Server-Side Request Forgery (SSRF) vulnerability in Synology Media Server
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
5.0
5.0
2021-06-01 CVE-2021-33180 SQL Injection vulnerability in Synology Media Server
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
synology CWE-89
7.5
7.5
2018-05-10 CVE-2018-8914 SQL Injection vulnerability in Synology Media Server
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
network
low complexity
synology CWE-89
7.5
7.5