Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2017-09-08 CVE-2017-12071 Server-Side Request Forgery (SSRF) vulnerability in Synology Photo Station
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
network
low complexity
synology CWE-918
6.5
2017-09-08 CVE-2017-11162 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
6.5
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
critical
9.8
2017-08-31 CVE-2017-11158 Untrusted Search Path vulnerability in Synology Cloud Station Drive
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-30 CVE-2017-11157 Untrusted Search Path vulnerability in Synology Cloud Station Backup
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-28 CVE-2017-12077 Resource Exhaustion vulnerability in Synology Router Manager
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
network
low complexity
synology CWE-400
4.9
2017-08-28 CVE-2017-12076 Resource Exhaustion vulnerability in Synology Diskstation Manager
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
network
low complexity
synology CWE-400
4.9
2017-08-24 CVE-2017-9555 Cross-site Scripting vulnerability in Synology Photo Station
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
network
low complexity
synology CWE-79
5.4
2017-08-24 CVE-2017-12074 Path Traversal vulnerability in Synology DNS Server
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
network
low complexity
synology CWE-22
6.5
2017-08-23 CVE-2017-11159 Untrusted Search Path vulnerability in Synology Photo Station Uploader
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8