synology

329 tracked vulnerabilities.

CVE-2019-9499 HIGH
hostapd and wpa_supplicant < 2.4 - Origin Validation Error in EAP-PWD Commit
Apr 17, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-9498 HIGH
hostapd and wpa_supplicant <= 2.4 - Authentication Bypass via Invalid EAP-PWD Scalar/Element Values
Apr 17, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-9495 LOW
hostapd/wpa_supplicant <2.7 - Info Disclosure
Apr 17, 2019
CVSS 3.7
EPSS 0.06
CVE-2019-9494 MEDIUM
hostapd & wpa_supplicant <2.7 - Info Disclosure
Apr 17, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-3870 MEDIUM
Samba 4.9.0-4.9.6 - Incorrect Default Permissions in AD DC Installation Directory
Apr 09, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-8913 HIGH
Synology Web Station <2.1.3-0139 - CSRF
Apr 01, 2019
CVSS 7.1
EPSS 0.00
CVE-2018-13299 MEDIUM
Synology Calendar < 2.2.2-0532 - Authenticated Path Traversal and Arbitrary File Write via Attachment Uploader
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13298 MEDIUM
Synology Android Moments <1.2.3-199 - RCE
Apr 01, 2019
CVSS 4.2
EPSS 0.00
CVE-2018-13297 MEDIUM
Synology Drive < 1.1.2-10562 - Information Exposure via dsm_path Parameter
Apr 01, 2019
CVSS 5.3
EPSS 0.00
CVE-2018-13296 HIGH
Synology MailPlus Server < 2.0.5-0606 - Denial of Service via TLS Client-Initiated Renegotiation
Apr 01, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-13295 MEDIUM
Synology Application Service < 1.5.4-0320 - Authenticated Information Exposure via Version Parameter
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13294 MEDIUM
Synology Application Service < 1.5.4-0320 - Authenticated Information Exposure via uid Parameter
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13293 MEDIUM
Synology DiskStation Manager < 6.2.1-23824 - Authenticated XSS via Control Panel SSO
Apr 01, 2019
CVSS 5.9
EPSS 0.00
CVE-2018-13292 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Sensitive Information Exposure via World-Readable Mount Configuration
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13291 MEDIUM
Synology DiskStation Manager 5.2-6.2.1-23824 - Authenticated Sensitive Information Exposure via Mount Configuration
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13290 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Authenticated Information Exposure via file_path Parameter
Apr 01, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-13289 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Information Exposure via Folder Path Parameter
Apr 01, 2019
CVSS 5.3
EPSS 0.00
CVE-2018-13288 MEDIUM
Synology File Station < 1.1.5-0125 - Exposure of Sensitive Information via folder_path or real_path Parameter
Apr 01, 2019
CVSS 5.3
EPSS 0.00
CVE-2018-13287 MEDIUM
Synology Router Manager < 1.1.7-6941-1 - Authenticated Sensitive Information Exposure via synouser.conf
Apr 01, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-13286 MEDIUM
Synology DiskStation Manager < 6.2-23739-1 - Authenticated Sensitive Information Exposure via synouser.conf
Apr 01, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-13285 HIGH
Synology Router Manager 1.1-1.1.7-6941-1 - Authenticated OS Command Injection via MKD or RMD Command
Apr 01, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-13284 HIGH
Synology DiskStation Manager < 6.2-23739-1 - Authenticated OS Command Injection via MKD or RMD FTP Commands
Apr 01, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-13283 HIGH
Synology SSL VPN Client <1.2.5-0226 - Man-in-the-middle
Apr 01, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-8920 HIGH
Synology DiskStation Manager < 6.1.6-15266 - Arbitrary Content Injection via Log Exporter CSV Export
Dec 24, 2018
CVSS 7.2
EPSS 0.00
CVE-2018-8919 HIGH
Synology DiskStation Manager < 6.1.6-15266 - Credential Exposure via SYNO.Core.Desktop.SessionData
Dec 24, 2018
CVSS 8.3
EPSS 0.00