synology
329 tracked vulnerabilities.
CVE-2017-15888
MEDIUM
Synology Audio Station < 6.3.0-3260 - Authenticated Stored XSS via Custom Internet Radio List NAME Parameter
Oct 30, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-14491
CRITICAL
dnsmasq < 2.78 - Remote Code Execution via Crafted DNS Response
Oct 04, 2017
CVSS 9.8
EPSS 0.50
CVE-2017-12071
MEDIUM
Synology Photo Station <6.7.4-3433, <6.3-2968 - SSRF
Sep 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-11162
MEDIUM
Synology Photo Station < 6.7.4-3433 and 6.3-2968 - Authenticated Path Traversal
Sep 08, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-11161
CRITICAL
Synology Photo Station < 6.7.4-3433 and 6.3-2968 - SQL Injection via article_id or type Parameter
Sep 08, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-11158
HIGH
Synology Cloud Station Drive < 4.2.5-4396 - Untrusted Search Path via DLL Hijacking
Aug 31, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11157
HIGH
Synology Cloud Station Backup < 4.2.4-4393 - Untrusted Search Path via DLL Hijacking
Aug 30, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12077
MEDIUM
Synology Router Manager <1.1.4-6509 - DoS
Aug 28, 2017
CVSS 4.9
EPSS 0.01
CVE-2017-12076
MEDIUM
Synology DiskStation Manager < 6.1.1-15088 - Authenticated Denial of Service via Port Forwarding Rules
Aug 28, 2017
CVSS 4.9
EPSS 0.00
CVE-2017-9555
MEDIUM
Synology Photo Station <6.7.0-3414 - XSS
Aug 24, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-12074
MEDIUM
Synology DNS Server <2.2.1-3042 - Path Traversal
Aug 24, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-11159
HIGH
Synology Photo Station Uploader < 1.4.2-084 - Untrusted Search Path via DLL Hijacking
Aug 23, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11160
HIGH
Synology Assistant < 6.1-15030 - Untrusted Search Path via DLL Hijacking
Aug 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11156
HIGH
Synology Download Station 3.x < 3.5-2984 & 3.8.x < 3.8.5-3475 - Authenticated RCE via Weak Permissions
Aug 14, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-11150
HIGH
Synology Office 2.2.0-1502 and 2.2.1-1506 - Authenticated OS Command Injection via RTF Document Filename
Aug 14, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-11149
MEDIUM
Synology Download Station 3.x < 3.5-2984 and 3.8.x < 3.8.5-3475 - Authenticated Server-Side Request Forgery
Aug 14, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-9556
MEDIUM
Synology Video Station <2.3.0-1435 - XSS
Aug 11, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-11148
MEDIUM
Synology Chat < 1.1.0-0806 - Authenticated Server-Side Request Forgery via Link Preview
Aug 11, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-11155
HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Exposure of Sensitive System Information via index.php
Aug 08, 2017
CVSS 7.5
EPSS 0.29
CVE-2017-11154
HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unrestricted File Upload via PixlrEditorHandler.php Type Parameter
Aug 08, 2017
CVSS 7.2
EPSS 0.07
CVE-2017-11153
CRITICAL
Synology Photo Station < 6.7.3-3432 RCE via Deserialization in synophoto_csPhotoMisc.php
Aug 08, 2017
CVSS 9.8
EPSS 0.15
CVE-2017-11152
HIGH
Synology Photo Station < 6.7.3-3432 Path Traversal & Arbitrary File Write via PixlrEditorHandler.php
Aug 08, 2017
CVSS 7.5
EPSS 0.14
CVE-2017-11151
CRITICAL
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unauthenticated Arbitrary File Upload via synotheme_upload.php
Aug 08, 2017
CVSS 9.8
EPSS 0.15
CVE-2017-9554
MEDIUM
Synology DSM <6.1.3-15152 - Info Disclosure
Jul 24, 2017
CVSS 5.3
EPSS 0.58
CVE-2017-9553
HIGH
Synology DSM <6.1.3-15152 - Auth Bypass
Jul 24, 2017
CVSS 7.5
EPSS 0.00
Products
diskstation_manager 96
router_manager 59
photo_station 33
vs960hd_firmware 22
diskstation_manager_unified_controller 20
surveillance_station 19
skynas 16
Synology Photo Station 13
skynas_firmware 13
calendar 11
bc500_firmware 9
tc500_firmware 9
download_station 8
active_backup_for_business_agent 7
drive_client 6
drive_server 6
media_server 6
video_station 6
dns_server 5
note_station 5
Photo Station 4
audio_station 4
beedrive 4
directory_server 4
radius_server 4
beestation_os 3
carddav_server 3
chat 3
file_station 3
mailplus_server 3