synology

352 tracked vulnerabilities.

CVE-2017-12071 MEDIUM
Synology Photo Station <6.7.4-3433, <6.3-2968 - SSRF
Sep 08, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-11162 MEDIUM
Synology Photo Station < 6.7.4-3433 and 6.3-2968 - Authenticated Path Traversal
Sep 08, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-11161 CRITICAL
Synology Photo Station < 6.7.4-3433 and 6.3-2968 - SQL Injection via article_id or type Parameter
Sep 08, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-11158 HIGH
Synology Cloud Station Drive < 4.2.5-4396 - Untrusted Search Path via DLL Hijacking
Aug 31, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11157 HIGH
Synology Cloud Station Backup < 4.2.4-4393 - Untrusted Search Path via DLL Hijacking
Aug 30, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12077 MEDIUM
Synology Router Manager <1.1.4-6509 - DoS
Aug 28, 2017
CVSS 4.9
EPSS 0.01
CVE-2017-12076 MEDIUM
Synology DiskStation Manager < 6.1.1-15088 - Authenticated Denial of Service via Port Forwarding Rules
Aug 28, 2017
CVSS 4.9
EPSS 0.01
CVE-2017-9555 MEDIUM
Synology Photo Station <6.7.0-3414 - XSS
Aug 24, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-12074 MEDIUM
Synology DNS Server <2.2.1-3042 - Path Traversal
Aug 24, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-11159 HIGH
Synology Photo Station Uploader < 1.4.2-084 - Untrusted Search Path via DLL Hijacking
Aug 23, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11160 HIGH
Synology Assistant < 6.1-15030 - Untrusted Search Path via DLL Hijacking
Aug 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11156 HIGH
Synology Download Station 3.x < 3.5-2984 & 3.8.x < 3.8.5-3475 - Authenticated RCE via Weak Permissions
Aug 14, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-11150 HIGH
Synology Office 2.2.0-1502 and 2.2.1-1506 - Authenticated OS Command Injection via RTF Document Filename
Aug 14, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-11149 MEDIUM
Synology Download Station 3.x < 3.5-2984 and 3.8.x < 3.8.5-3475 - Authenticated Server-Side Request Forgery
Aug 14, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-9556 MEDIUM
Synology Video Station <2.3.0-1435 - XSS
Aug 11, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-11148 MEDIUM
Synology Chat < 1.1.0-0806 - Authenticated Server-Side Request Forgery via Link Preview
Aug 11, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-11155 HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Exposure of Sensitive System Information via index.php
Aug 08, 2017
CVSS 7.5
EPSS 0.45
CVE-2017-11154 HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unrestricted File Upload via PixlrEditorHandler.php Type Parameter
Aug 08, 2017
CVSS 7.2
EPSS 0.14
CVE-2017-11153 CRITICAL
Synology Photo Station < 6.7.3-3432 RCE via Deserialization in synophoto_csPhotoMisc.php
Aug 08, 2017
CVSS 9.8
EPSS 0.19
CVE-2017-11152 HIGH
Synology Photo Station < 6.7.3-3432 Path Traversal & Arbitrary File Write via PixlrEditorHandler.php
Aug 08, 2017
CVSS 7.5
EPSS 0.14
CVE-2017-11151 CRITICAL
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unauthenticated Arbitrary File Upload via synotheme_upload.php
Aug 08, 2017
CVSS 9.8
EPSS 0.25
CVE-2017-9554 MEDIUM
Synology DSM <6.1.3-15152 - Info Disclosure
Jul 24, 2017
CVSS 5.3
EPSS 0.75
CVE-2017-9553 HIGH
Synology DSM <6.1.3-15152 - Auth Bypass
Jul 24, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-9552 HIGH
Synology Photo Station <6.7.1-3419 - Info Disclosure
Jun 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-6554 CRITICAL
Synology NAS - Privilege Escalation
Jul 13, 2018
CVSS 9.8
EPSS 0.04