synology
329 tracked vulnerabilities.
CVE-2017-9552
HIGH
Synology Photo Station < 6.7.1-3419 - Info Disclosure
Jun 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-6554
CRITICAL
Synology NAS - Privilege Escalation
Jul 13, 2018
CVSS 9.8
EPSS 0.01
CVE-2016-10331
HIGH
Synology Photo Station < 6.5.3-3226 - Path Traversal via Download ID Parameter
May 12, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-10330
HIGH
Synology Photo Station < 6.5.3-3226 - Local Arbitrary File Write via synophoto_dsm_user Path Traversal
May 12, 2017
CVSS 7.1
EPSS 0.00
CVE-2016-10329
CRITICAL
Synology Photo Station < 6.5.3-3226 - Remote Code Execution via X-Forwarded-For Header
May 12, 2017
CVSS 9.8
EPSS 0.11
CVE-2016-10323
HIGH
Synology Photo Station < 6.3-2958 - Privilege Escalation via synophoto_dsm_user Command
Apr 10, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-10322
HIGH
Synology Photo Station < 6.3-2954 - Authenticated Command Injection via X-Forwarded-For Header
Apr 10, 2017
CVSS 8.8
EPSS 0.03
CVE-2015-9105
MEDIUM
Synology Video Station 1.2-0455 1.5-0772 1.6-0847 - Authenticated Cross-Site Scripting via File or Collection Name
Jun 30, 2017
CVSS 5.4
EPSS 0.00
CVE-2015-9104
MEDIUM
Synology Audio Station 5.1-2550 5.4-2857 - Authenticated Stored Cross-Site Scripting via Album Title
Jun 30, 2017
CVSS 5.4
EPSS 0.00
CVE-2015-9103
MEDIUM
Synology Note Station < 1.1-0212 - Authenticated Cross-Site Scripting via Note Title or Attachment File Name
Jun 30, 2017
CVSS 5.4
EPSS 0.00
CVE-2015-9102
MEDIUM
Synology Photo Station < 6.0-2638 & 6.3 < 6.3-2962 - Authenticated XSS via Album/File/Description/Tag
Jun 30, 2017
CVSS 5.4
EPSS 0.00
CVE-2015-6913
Synology Download Station < 3.5-2963 - Cross-Site Scripting via URL Parameter in Download Task Creation
Sep 11, 2015
EPSS 0.00
CVE-2015-6912
Synology Video Station < 1.5-0757 - Remote Command Execution via Subtitle Codepage Parameter
Sep 11, 2015
EPSS 0.30
CVE-2015-6911
Synology Video Station < 1.5-0757 - SQL Injection via id Parameter
Sep 11, 2015
EPSS 0.02
CVE-2015-6910
Synology Video Station < 1.5-0754 - SQL Injection via id Parameter
Sep 11, 2015
EPSS 0.01
CVE-2015-6909
Synology Download Station < 3.5-2956 - Cross-Site Scripting via Torrent File Name Element
Sep 11, 2015
EPSS 0.00
CVE-2015-4656
Synology Photo Station < 6.3-2944 - Cross-Site Scripting via Login Success Parameter or URL Parameters
Jun 18, 2015
EPSS 0.00
CVE-2015-4655
Synology DiskStation Manager < 5.2-5565 - Cross-Site Scripting via entry.cgi Compound Parameter
Jun 18, 2015
EPSS 0.00
CVE-2015-2851
Synology Cloud Station 1.1-2291-3.1-3320 - Arbitrary File Ownership Change via client_chown
May 30, 2015
EPSS 0.00
CVE-2015-2809
Synology DiskStation Manager < 3.1 - Information Disclosure via mDNS Responder
Apr 01, 2015
EPSS 0.02
CVE-2014-6868
DS audio 3.4 - Man-in-the-Middle via Unverified X.509 Certificates
Oct 02, 2014
EPSS 0.00
CVE-2014-6848
DS File 4.1.1 - SSL Man-In-The-Middle
Sep 30, 2014
EPSS 0.00
CVE-2014-6836
DS photo+ 3.3 - Man-in-the-Middle via Unverified X.509 Certificates
Sep 30, 2014
EPSS 0.00
CVE-2014-2264
Synology DSM 4.3-3810 - Info Disclosure
Mar 02, 2014
EPSS 0.01
CVE-2013-6955
Synology DiskStation Manager - Arbitrary File Write via SLICEUPLOAD X-TMP-FILE Header
Jan 09, 2014
EPSS 0.83
Products
diskstation_manager 96
router_manager 59
photo_station 33
vs960hd_firmware 22
diskstation_manager_unified_controller 20
surveillance_station 19
skynas 16
Synology Photo Station 13
skynas_firmware 13
calendar 11
bc500_firmware 9
tc500_firmware 9
download_station 8
active_backup_for_business_agent 7
drive_client 6
drive_server 6
media_server 6
video_station 6
dns_server 5
note_station 5
Photo Station 4
audio_station 4
beedrive 4
directory_server 4
radius_server 4
beestation_os 3
carddav_server 3
chat 3
file_station 3
mailplus_server 3