Vulnerabilities > Synology > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.
network
low complexity
ntp synology slackware canonical netapp
7.5
2017-12-04 CVE-2017-15889 Command Injection vulnerability in Synology Diskstation Manager
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
network
low complexity
synology CWE-77
8.8
2017-12-04 CVE-2017-12079 Information Exposure vulnerability in Synology Photo Station
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
network
low complexity
synology CWE-200
7.5
2017-08-31 CVE-2017-11158 Untrusted Search Path vulnerability in Synology Cloud Station Drive
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-30 CVE-2017-11157 Untrusted Search Path vulnerability in Synology Cloud Station Backup
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-23 CVE-2017-11159 Untrusted Search Path vulnerability in Synology Photo Station Uploader
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-18 CVE-2017-11160 Untrusted Search Path vulnerability in Synology Assistant
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
local
low complexity
synology CWE-426
7.8
2017-08-14 CVE-2017-11156 Incorrect Permission Assignment for Critical Resource vulnerability in Synology Download Station
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
local
low complexity
synology CWE-732
7.8
2017-08-14 CVE-2017-11150 OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
local
low complexity
synology CWE-78
7.8