Vulnerabilities > Synology

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2017-12-28 | CVE-2017-15886 | Server-Side Request Forgery (SSRF) vulnerability in Synology Chat | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | network; low complexity; synology; CWE-918; 6.5 |
| 2017-12-27 | CVE-2017-16768 | Cross-site Scripting vulnerability in Synology MailPlus Server | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | network; low complexity; synology; CWE-79; 4.8 |
| 2017-12-22 | CVE-2017-16766 | Injection vulnerability in Synology DiskStation Manager | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | network; low complexity; synology; CWE-74; 6.5 |
| 2017-12-20 | CVE-2017-12072 | Cross-site Scripting vulnerability in Synology Photo Station | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | network; low complexity; synology; CWE-79; 5.4 |
| 2017-12-15 | CVE-2017-15890 | Cross-site Scripting vulnerability in Synology MailPlus Server | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | network; low complexity; synology; CWE-79; 4.8 |
| 2017-12-08 | CVE-2017-15895 | Path Traversal vulnerability in Synology Router Manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | network; low complexity; synology; CWE-22; 6.5 |
| 2017-12-08 | CVE-2017-15894 | Path Traversal vulnerability in Synology DiskStation Manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | network; low complexity; synology; CWE-22; 6.5 |
| 2017-12-08 | CVE-2017-15893 | Path Traversal vulnerability in Synology File Station | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | network; low complexity; synology; CWE-22; 6.5 |
| 2017-12-08 | CVE-2017-15891 | Unspecified vulnerability in Synology Calendar | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar events via unspecified vectors. | network; low complexity; synology; 6.5 |
| 2017-12-04 | CVE-2017-15889 | Command Injection vulnerability in Synology DiskStation Manager | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field. | network; low complexity; synology; CWE-77; 8.8 |