Filtered by vendor Synology
Subscribe
Total
251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6868 | 1 Synology | 1 Ds Audio | 2024-11-21 | 5.4 MEDIUM | N/A |
| The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6848 | 1 Synology | 1 Ds File | 2024-11-21 | 5.4 MEDIUM | N/A |
| The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6836 | 1 Synology | 1 Ds Photo\+ | 2024-11-21 | 5.4 MEDIUM | N/A |
| The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 7.8 HIGH | N/A |
| The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | |||||
| CVE-2013-6987 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. | |||||
| CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 10.0 HIGH | N/A |
| webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | |||||
| CVE-2012-1556 | 1 Synology | 2 Diskstation Manager, Synology Photo Station | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | |||||
| CVE-2010-3684 | 1 Synology | 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more | 2024-11-21 | 2.1 LOW | N/A |
| The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | |||||
| CVE-2010-2453 | 1 Synology | 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. | |||||
| CVE-2024-10443 | 1 Synology | 4 Beephotos, Beestation Os, Diskstation Manager and 1 more | 2024-11-19 | N/A | 9.8 CRITICAL |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-8922 | 1 Synology | 1 Drive Server | 2024-10-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | |||||
| CVE-2018-13297 | 1 Synology | 1 Drive Server | 2024-10-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | |||||
| CVE-2018-8910 | 1 Synology | 1 Drive Server | 2024-10-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8921 | 1 Synology | 1 Drive Server | 2024-10-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | |||||
| CVE-2022-49037 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 6.5 MEDIUM |
| Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-49038 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 7.8 HIGH |
| Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2022-49039 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 6.7 MEDIUM |
| Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-49040 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 4.4 MEDIUM |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | |||||
| CVE-2022-49041 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 4.4 MEDIUM |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | |||||
| CVE-2023-52946 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 8.2 HIGH |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | |||||