Vulnerabilities > Synology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-30 | CVE-2019-11826 | Path Traversal vulnerability in Synology Moments Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | 8.8 |
| 2019-04-17 | CVE-2019-9499 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9498 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-01 | CVE-2018-13298 | Unspecified vulnerability in Synology Moments Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | 8.1 |
| 2019-04-01 | CVE-2018-13296 | Resource Exhaustion vulnerability in Synology Mailplus Server Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | 7.5 |
| 2019-04-01 | CVE-2018-13285 | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2018-13284 | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2018-13283 | Unspecified vulnerability in Synology SSL VPN Client Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | 7.4 |
| 2018-12-24 | CVE-2018-8920 | Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | 7.2 |
| 2018-07-06 | CVE-2018-8929 | Channel and Path Errors vulnerability in Synology SSL VPN Client Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | 8.1 |