Vulnerabilities > Synology > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-18 | CVE-2021-34808 | Unspecified vulnerability in Synology Media Server | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | 5.3 |
2021-06-18 | CVE-2021-34811 | Unspecified vulnerability in Synology Download Station | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | 4.3 |
2021-06-02 | CVE-2021-29091 | Unspecified vulnerability in Synology Photo Station | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. | 6.5 |
2021-06-01 | CVE-2021-33182 | Path Traversal vulnerability in Synology Diskstation Manager | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. | 4.3 |
2021-02-26 | CVE-2021-26565 | Cleartext Transmission of Sensitive Information vulnerability in Synology products | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | 5.9 |
2021-02-26 | CVE-2021-26563 | Incorrect Authorization vulnerability in Synology products | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | 6.7 |
2020-11-30 | CVE-2020-27659 | Cross-site Scripting vulnerability in Synology Safeaccess | Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | 4.8 |
2020-10-29 | CVE-2020-27658 | Incorrect Permission Assignment for Critical Resource vulnerability in Synology Router Manager | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 6.1 |
2020-10-29 | CVE-2020-27657 | Cleartext Transmission of Sensitive Information vulnerability in Synology Router Manager | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | 5.9 |
2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |