Vulnerabilities > Synology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-04 | CVE-2017-15889 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | 8.8 |
| 2017-12-04 | CVE-2017-12079 | Information Exposure vulnerability in Synology Photo Station Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | 7.5 |
| 2017-08-31 | CVE-2017-11158 | Untrusted Search Path vulnerability in Synology Cloud Station Drive Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-30 | CVE-2017-11157 | Untrusted Search Path vulnerability in Synology Cloud Station Backup Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-23 | CVE-2017-11159 | Untrusted Search Path vulnerability in Synology Photo Station Uploader Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-18 | CVE-2017-11160 | Untrusted Search Path vulnerability in Synology Assistant Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-14 | CVE-2017-11156 | Incorrect Permission Assignment for Critical Resource vulnerability in Synology Download Station Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | 7.8 |
| 2017-08-14 | CVE-2017-11150 | OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | 7.8 |
| 2017-08-08 | CVE-2017-11155 | Information Exposure vulnerability in Synology Photo Station An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | 7.5 |
| 2017-08-08 | CVE-2017-11154 | Unrestricted Upload of File with Dangerous Type vulnerability in Synology Photo Station Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | 7.2 |