High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-13	CVE-2017-9552	Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. local low complexity synology CWE-287	7.8
2017-05-12	CVE-2016-10331	Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. network low complexity synology CWE-22	7.5
2017-05-12	CVE-2016-10330	Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. local low complexity synology CWE-22	7.1
2017-04-10	CVE-2016-10323	Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. local low complexity synology CWE-264	7.8
2017-04-10	CVE-2016-10322	Command Injection vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. network low complexity synology CWE-77	8.8