Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |
| 2017-09-08 | CVE-2017-12071 | Server-Side Request Forgery (SSRF) vulnerability in Synology Photo Station Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | 6.5 |
| 2017-09-08 | CVE-2017-11162 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | 6.5 |
| 2017-09-08 | CVE-2017-11161 | SQL Injection vulnerability in Synology Photo Station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | 9.8 |
| 2017-08-31 | CVE-2017-11158 | Untrusted Search Path vulnerability in Synology Cloud Station Drive Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-30 | CVE-2017-11157 | Untrusted Search Path vulnerability in Synology Cloud Station Backup Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-28 | CVE-2017-12077 | Resource Exhaustion vulnerability in Synology Router Manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 4.9 |
| 2017-08-28 | CVE-2017-12076 | Resource Exhaustion vulnerability in Synology Diskstation Manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 4.9 |
| 2017-08-24 | CVE-2017-9555 | Cross-site Scripting vulnerability in Synology Photo Station Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | 5.4 |
| 2017-08-24 | CVE-2017-12074 | Path Traversal vulnerability in Synology DNS Server Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | 6.5 |