Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9513 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. 7.5
2019-08-13 CVE-2019-9511 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service.
7.5
2019-06-30 CVE-2019-11829 OS Command Injection vulnerability in Synology Calendar
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
network
low complexity
synology CWE-78
critical
9.8
2019-06-30 CVE-2019-11828 Cross-site Scripting vulnerability in Synology Office
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
synology CWE-79
5.4
2019-06-30 CVE-2019-11827 Cross-site Scripting vulnerability in Synology Note Station
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
network
low complexity
synology CWE-79
5.4
2019-06-30 CVE-2019-11826 Path Traversal vulnerability in Synology Moments
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
network
low complexity
synology CWE-22
8.8
2019-06-30 CVE-2019-11825 Cross-site Scripting vulnerability in Synology Calendar
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
network
low complexity
synology CWE-79
5.4
2019-06-30 CVE-2019-11822 Path Traversal vulnerability in Synology Photo Station
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
network
low complexity
synology CWE-22
6.5