synology

329 tracked vulnerabilities.

CVE-2017-16775 HIGH
Synology SSO Server <2.1.3-0129 - CSRF
Apr 01, 2019
CVSS 7.1
EPSS 0.00
CVE-2017-16774 MEDIUM
Synology DSM 5.2-6.1.4-15217-2 Authenticated Stored XSS via PersonalNotification
Apr 01, 2019
CVSS 6.5
EPSS 0.00
CVE-2017-16773 MEDIUM
Synology Universal Search <1.0.5-0135 - Auth Bypass
Jul 05, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-12078 HIGH
Synology Router Manager <1.1.6-6931 - Command Injection
Jun 08, 2018
CVSS 7.2
EPSS 0.07
CVE-2017-12075 HIGH
Synology DSM <6.2-23739 - Command Injection
Jun 08, 2018
CVSS 7.2
EPSS 0.02
CVE-2017-16772 HIGH
Synology Photo Station <6.8.3-3463, <6.3-2971 - RCE
Mar 22, 2018
CVSS 8.8
EPSS 0.01
CVE-2017-16771 MEDIUM
Synology Photo Station <6.8.3-3463, <6.3-2971 - XSS
Mar 22, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-16770 MEDIUM
Synology Surveillance Station <8.1.2-5469 - Info Disclosure
Feb 27, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-16767 MEDIUM
Synology Surveillance Station <8.1.2-5469 - XSS
Feb 27, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-16769 MEDIUM
Synology Photo Station <6.8.1-3458 - Info Disclosure
Feb 23, 2018
CVSS 5.3
EPSS 0.00
CVE-2017-5753 MEDIUM
Intel Atom - Information Disclosure via Speculative Execution Side-Channel
Jan 04, 2018
CVSS 5.6
EPSS 0.94
CVE-2017-15892 MEDIUM
Synology Chat < 2.0.0-1124 - Authenticated Cross-Site Scripting via Slash Command Creator Parameters
Dec 28, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-15886 MEDIUM
Synology Chat < 2.0.0-1124 - Authenticated Server-Side Request Forgery via Link Preview
Dec 28, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-16768 MEDIUM
Synology MailPlus Server <1.4.0-0415 - XSS
Dec 27, 2017
CVSS 4.8
EPSS 0.00
CVE-2017-16766 MEDIUM
Synology DSM <6.1.4-15217, <6.0.3-8754-6 - XSS
Dec 22, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-12072 MEDIUM
Synology Photo Station <6.8.0-3456 - XSS
Dec 20, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-15890 MEDIUM
Synology MailPlus Server < 1.4.0-0415 - Authenticated Cross-Site Scripting via Disclaimer NAME Parameter
Dec 15, 2017
CVSS 4.8
EPSS 0.00
CVE-2017-15895 MEDIUM
Synology Router Manager < 1.1.5-6542-4 - Path Traversal & Arbitrary File Write
Dec 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-15894 MEDIUM
Synology DSM <5.2-5967-6/6.0.x<6.0.3-8754-3 Authenticated Path Traversal & Arbitrary File Write
Dec 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-15893 MEDIUM
Synology File Station < 1.1.1-0099 - Path Traversal & Arbitrary File Write
Dec 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-15891 MEDIUM
Synology Calendar < 2.0.1-0242 - Authenticated Calendar Event Modification via SYNO.Cal.EventBase
Dec 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-15889 HIGH
Synology DiskStation Manager < 5.2-5967-5 - Authenticated Command Injection via smart.cgi Disk Field
Dec 04, 2017
CVSS 8.8
EPSS 0.62
CVE-2017-12080 MEDIUM
Synology Photo Station <6.8.1-3458, <6.3-2970 - Info Disclosure
Dec 04, 2017
CVSS 5.3
EPSS 0.00
CVE-2017-12079 HIGH
Synology Photo Station <6.8.1-3458, <6.3-2970 - Info Disclosure
Dec 04, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-15887 CRITICAL
Synology CardDAV Server < 6.0.7-0085 - Unauthenticated Brute-Force Attack via /principals
Nov 07, 2017
CVSS 9.8
EPSS 0.00
Products
diskstation_manager 96 router_manager 59 photo_station 33 vs960hd_firmware 22 diskstation_manager_unified_controller 20 surveillance_station 19 skynas 16 Synology Photo Station 13 skynas_firmware 13 calendar 11 bc500_firmware 9 tc500_firmware 9 download_station 8 active_backup_for_business_agent 7 drive_client 6 drive_server 6 media_server 6 video_station 6 dns_server 5 note_station 5 Photo Station 4 audio_station 4 beedrive 4 directory_server 4 radius_server 4 beestation_os 3 carddav_server 3 chat 3 file_station 3 mailplus_server 3
Quick Filters
Critical CVEs With Exploits In CISA KEV