Vulnerabilities > Synology > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-15 CVE-2017-15890 Cross-site Scripting vulnerability in Synology Mailplus Server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
4.8
2017-12-08 CVE-2017-15895 Path Traversal vulnerability in Synology Router Manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network
low complexity
synology CWE-22
6.5
2017-12-08 CVE-2017-15894 Path Traversal vulnerability in Synology Diskstation Manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network
low complexity
synology CWE-22
6.5
2017-12-08 CVE-2017-15893 Path Traversal vulnerability in Synology File Station
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network
low complexity
synology CWE-22
6.5
2017-12-08 CVE-2017-15891 Unspecified vulnerability in Synology Calendar
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
network
low complexity
synology
6.5
2017-12-04 CVE-2017-12080 Information Exposure vulnerability in Synology Photo Station
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
network
low complexity
synology CWE-200
5.3
2017-10-30 CVE-2017-15888 Cross-site Scripting vulnerability in Synology Audio Station
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
5.4
2017-09-08 CVE-2017-12071 Server-Side Request Forgery (SSRF) vulnerability in Synology Photo Station
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
network
low complexity
synology CWE-918
6.5
2017-09-08 CVE-2017-11162 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
6.5
2017-08-28 CVE-2017-12077 Resource Exhaustion vulnerability in Synology Router Manager
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
network
low complexity
synology CWE-400
4.9