Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2017-12-04 CVE-2017-12080 Information Exposure vulnerability in Synology Photo Station
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
network
low complexity
synology CWE-200
5.0
2017-12-04 CVE-2017-12079 Information Exposure vulnerability in Synology Photo Station
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
network
low complexity
synology CWE-200
5.0
2017-11-07 CVE-2017-15887 Improper Restriction of Excessive Authentication Attempts vulnerability in Synology Carddav Server
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
network
low complexity
synology CWE-307
5.0
2017-10-30 CVE-2017-15888 Cross-site Scripting vulnerability in Synology Audio Station
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
network
synology CWE-79
3.5
2017-10-04 CVE-2017-14491 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
9.8
2017-09-08 CVE-2017-12071 Server-Side Request Forgery (SSRF) vulnerability in Synology Photo Station
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
network
low complexity
synology CWE-918
4.0
2017-09-08 CVE-2017-11162 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
4.0
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
7.5
2017-08-31 CVE-2017-11158 Untrusted Search Path vulnerability in Synology Cloud Station Drive
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology microsoft CWE-426
4.6
2017-08-30 CVE-2017-11157 Untrusted Search Path vulnerability in Synology Cloud Station Backup
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology microsoft CWE-426
4.6