Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2019-06-30 CVE-2019-11821 SQL Injection vulnerability in Synology Photo Station
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
network
low complexity
synology CWE-89
critical
9.8
2019-05-09 CVE-2019-11820 Insufficiently Protected Credentials vulnerability in Synology Calendar
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
local
low complexity
synology CWE-522
5.5
2019-04-17 CVE-2019-9499 Improper Authentication vulnerability in multiple products
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
8.1
2019-04-17 CVE-2019-9498 Improper Authentication vulnerability in multiple products
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
8.1
2019-04-17 CVE-2019-9495 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.
3.7
2019-04-17 CVE-2019-9494 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.
5.9
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
2019-04-01 CVE-2018-8913 Open Redirect vulnerability in Synology web Station
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
network
low complexity
synology CWE-601
6.1
2019-04-01 CVE-2018-13299 Path Traversal vulnerability in Synology Calendar
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
network
low complexity
synology CWE-22
6.5
2019-04-01 CVE-2018-13298 Unspecified vulnerability in Synology Moments
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
network
high complexity
synology
8.1