Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2018-06-08 CVE-2018-8926 Unspecified vulnerability in Synology Photo Station
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
network
low complexity
synology
8.8
2018-06-08 CVE-2018-8925 Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
network
low complexity
synology CWE-352
8.8
2018-06-08 CVE-2018-8916 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
network
low complexity
synology CWE-640
8.8
2018-06-08 CVE-2017-12078 Command Injection vulnerability in Synology Router Manager
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
network
low complexity
synology CWE-77
7.2
2018-06-08 CVE-2017-12075 Command Injection vulnerability in Synology Diskstation Manager
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
network
low complexity
synology CWE-77
7.2
2018-06-05 CVE-2018-8924 Cross-site Scripting vulnerability in Synology Office
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
network
low complexity
synology CWE-79
5.4
2018-06-05 CVE-2018-8923 Cross-site Scripting vulnerability in Synology File Station
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
network
low complexity
synology CWE-79
5.4
2018-06-01 CVE-2018-8922 Unspecified vulnerability in Synology Drive Server 1.0.210275
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
network
low complexity
synology
6.5
2018-06-01 CVE-2018-8921 Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
network
low complexity
synology CWE-79
5.4
2018-05-10 CVE-2018-8915 Cross-site Scripting vulnerability in Synology Calendar
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
network
low complexity
synology CWE-79
5.4