Vulnerabilities > Synology
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-08 | CVE-2017-11151 | Improper Authentication vulnerability in Synology Photo Station A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | 9.8 |
2017-07-24 | CVE-2017-9554 | Information Exposure vulnerability in Synology Diskstation Manager An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | 5.3 |
2017-07-24 | CVE-2017-9553 | Unspecified vulnerability in Synology Diskstation Manager A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | 7.5 |
2017-06-30 | CVE-2015-9105 | Cross-site Scripting vulnerability in Synology Video Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | 5.4 |
2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 5.4 |
2017-06-30 | CVE-2015-9103 | Cross-site Scripting vulnerability in Synology Note Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | 5.4 |
2017-06-30 | CVE-2015-9102 | Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | 5.4 |
2017-06-13 | CVE-2017-9552 | Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. | 7.8 |
2017-05-12 | CVE-2016-10331 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | 7.5 |
2017-05-12 | CVE-2016-10330 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | 7.1 |