Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-11 | CVE-2015-6911 | SQL Injection vulnerability in Synology Video Station SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | 7.5 |
| 2015-09-11 | CVE-2015-6910 | SQL Injection vulnerability in Synology Video Station SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | 7.5 |
| 2015-09-11 | CVE-2015-6909 | Cross-site Scripting vulnerability in Synology Download Station Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. | 4.3 |
| 2015-06-18 | CVE-2015-4656 | Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/. | 4.3 |
| 2015-06-18 | CVE-2015-4655 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | 4.3 |
| 2015-05-30 | CVE-2015-2851 | Permissions, Privileges, and Access Controls vulnerability in Synology Cloud Station client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. | 6.8 |
| 2015-04-01 | CVE-2015-2809 | Information Exposure vulnerability in Synology Diskstation Manager 3.0 The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | 5.0 |
| 2014-10-02 | CVE-2014-6868 | Cryptographic Issues vulnerability in Synology DS Audio 3.4 The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-30 | CVE-2014-6848 | Cryptographic Issues vulnerability in Synology DS File 4.1.1 The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-30 | CVE-2014-6836 | Cryptographic Issues vulnerability in Synology DS Photo+ 3.3 The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |