Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-22 | CVE-2017-16772 | Improper Input Validation vulnerability in Synology Photo Station Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | 8.8 |
| 2018-03-22 | CVE-2017-16771 | Cross-site Scripting vulnerability in Synology Photo Station Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 6.1 |
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | 7.5 |
| 2018-03-06 | CVE-2018-7184 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. | 7.5 |
| 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 5.3 |
| 2018-02-27 | CVE-2017-16770 | Information Exposure vulnerability in Synology Surveillance Station File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | 6.5 |
| 2018-02-27 | CVE-2017-16767 | Cross-site Scripting vulnerability in Synology Surveillance Station Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | 5.4 |
| 2018-02-23 | CVE-2017-16769 | Information Exposure vulnerability in Synology Photo Station 6.8.13458 Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | 5.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2017-12-28 | CVE-2017-15892 | Cross-site Scripting vulnerability in Synology Chat Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | 5.4 |