synology

329 tracked vulnerabilities.

CVE-2018-8917 MEDIUM
Synology DiskStation Manager < 6.1.6-15266 - Cross-Site Scripting via Host Parameter
Dec 24, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8918 MEDIUM
Synology Router Manager < 1.1.7-6941 - Cross-Site Scripting via Host Parameter
Dec 24, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-1160 CRITICAL
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Dec 20, 2018
CVSS 9.8
EPSS 0.89
CVE-2018-13282 MEDIUM
Synology Photo Station <6.8.7-3481 - Info Disclosure
Oct 31, 2018
CVSS 5.6
EPSS 0.00
CVE-2018-13281 MEDIUM
Synology DiskStation Manager < 6.2-23739-2 - Authenticated Information Exposure via SYNO.Core.ACL file_path Parameter
Oct 31, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-13280 HIGH
Synology DSM <6.2-23739 - Info Disclosure
Jul 30, 2018
CVSS 7.4
EPSS 0.00
CVE-2018-8929 HIGH
Synology SSL VPN Client <1.2.4-0224 - SSRF
Jul 06, 2018
CVSS 7.3
EPSS 0.00
CVE-2018-8928 MEDIUM
Synology CardDAV Server < 6.0.8-0086 - Authenticated Cross-Site Scripting via Family Name Parameter
Jul 05, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8927 MEDIUM
Synology Calendar < 2.1.2-0511 - Authenticated Arbitrary Event Creation via cal_id or original_cal_id Parameter
Jun 14, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-8926 HIGH
Synology Photo Station 6.3-2958 to 6.3-2975 - Authenticated Privilege Escalation via Fullname Parameter
Jun 08, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-8925 HIGH
Synology Photo Station < 6.3-2975 - Cross-Site Request Forgery via admin/user.php Parameters
Jun 08, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-8916 MEDIUM
Synology DiskStation Manager < 6.2-23739 - Authenticated Unverified Password Change
Jun 08, 2018
CVSS 6.3
EPSS 0.00
CVE-2018-8924 MEDIUM
Synology Office < 3.0.3-2143 - Authenticated Stored Cross-Site Scripting via Title Tooltip
Jun 05, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8923 MEDIUM
Synology File Station < 1.1.4-0122 - Authenticated Cross-Site Scripting in Attachment Preview
Jun 05, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8922 MEDIUM
Synology Drive < 1.0.2-10275 - Authenticated Improper Access Control
Jun 01, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8921 MEDIUM
Synology Drive < 1.0.2-10275 - Authenticated Stored Cross-Site Scripting via File Sharing Notify Toast
Jun 01, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8915 MEDIUM
Synology Calendar < 2.1.1-0502 - Authenticated Cross-Site Scripting via Notification Center Title Parameter
May 10, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8914 HIGH
Synology Media Server < 1.4-2654 - SQL Injection via UPnP DMA ObjectID Parameter
May 10, 2018
CVSS 7.3
EPSS 0.00
CVE-2018-8910 MEDIUM
Synology Drive < 1.0.1-10253 - Authenticated Stored Cross-Site Scripting in Attachment Preview
May 10, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8912 MEDIUM
Synology Note Station < 2.5.1-0844 - Authenticated Stored Cross-Site Scripting via commit_msg Parameter
May 09, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8911 MEDIUM
Synology Note Station < 2.5.1-0844 - Authenticated Cross-Site Scripting in Attachment Preview
May 09, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8897 HIGH
Intel 64 and IA-32 Architectures - Privilege Escalation
May 08, 2018
CVSS 7.8
EPSS 0.25
CVE-2018-7185 HIGH
ntp 4.2.6-4.2.8 - Denial of Service via Zero-Origin Timestamp Packet
Mar 06, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-7184 HIGH
ntp 4.2.8p4-4.2.8p10 - Remote Denial of Service via Zero-Origin Timestamp
Mar 06, 2018
CVSS 7.5
EPSS 0.13
CVE-2018-7170 MEDIUM
ntp 4.2.x < 4.2.8p7 and 4.3.x < 4.3.92 - Authenticated Sybil Attack via Ephemeral Association Flood
Mar 06, 2018
CVSS 5.3
EPSS 0.01
Products
diskstation_manager 96 router_manager 59 photo_station 33 vs960hd_firmware 22 diskstation_manager_unified_controller 20 surveillance_station 19 skynas 16 Synology Photo Station 13 skynas_firmware 13 calendar 11 bc500_firmware 9 tc500_firmware 9 download_station 8 active_backup_for_business_agent 7 drive_client 6 drive_server 6 media_server 6 video_station 6 dns_server 5 note_station 5 Photo Station 4 audio_station 4 beedrive 4 directory_server 4 radius_server 4 beestation_os 3 carddav_server 3 chat 3 file_station 3 mailplus_server 3
Quick Filters
Critical CVEs With Exploits In CISA KEV