Filtered by vendor Synology
Subscriptions
Total
321 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11153 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | ||||
| CVE-2017-15886 | 1 Synology | 1 Chat | 2025-04-20 | N/A |
| Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | ||||
| CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | ||||
| CVE-2017-11151 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | ||||
| CVE-2017-9555 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||
| CVE-2017-12080 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. | ||||
| CVE-2017-15890 | 1 Synology | 1 Mailplus Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | ||||
| CVE-2015-9103 | 1 Synology | 1 Note Station | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | ||||
| CVE-2016-10323 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | ||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | ||||
| CVE-2016-10322 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | ||||
| CVE-2015-9102 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | ||||
| CVE-2015-9104 | 1 Synology | 1 Audio Station | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | ||||
| CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2025-04-20 | N/A |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2025-04-20 | N/A |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | ||||
| CVE-2017-9552 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". | ||||
| CVE-2017-9553 | 1 Synology | 1 Diskstation Manager | 2025-04-20 | N/A |
| A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | ||||
| CVE-2017-11162 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-12077 | 1 Synology | 1 Router Manager | 2025-04-20 | N/A |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | ||||