Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Synology Subscribe
Total 262 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11827 1 Synology 1 Note Station 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
CVE-2019-11826 1 Synology 1 Moments 2024-11-21 6.5 MEDIUM 8.0 HIGH
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
CVE-2019-11825 1 Synology 1 Calendar 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2019-11823 1 Synology 1 Router Manager 2024-11-21 5.0 MEDIUM 8.6 HIGH
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
CVE-2019-11822 1 Synology 1 Photo Station 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
CVE-2019-11821 1 Synology 1 Photo Station 2024-11-21 7.5 HIGH 7.3 HIGH
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
CVE-2019-11820 1 Synology 1 Calendar 2024-11-21 2.1 LOW 5.5 MEDIUM
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
CVE-2018-8929 1 Synology 1 Ssl Vpn Client 2024-11-21 6.8 MEDIUM 7.3 HIGH
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
CVE-2018-8928 1 Synology 1 Carddav Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
CVE-2018-8927 1 Synology 1 Calendar 2024-11-21 4.0 MEDIUM 5.4 MEDIUM
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
CVE-2018-8926 1 Synology 1 Photo Station 2024-11-21 6.5 MEDIUM 8.8 HIGH
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
CVE-2018-8925 1 Synology 1 Photo Station 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
CVE-2018-8924 1 Synology 1 Office 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8923 1 Synology 1 File Station 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8922 1 Synology 1 Drive Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
CVE-2018-8921 1 Synology 1 Drive Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8920 1 Synology 1 Diskstation Manager 2024-11-21 6.5 MEDIUM 7.2 HIGH
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
CVE-2018-8919 1 Synology 1 Diskstation Manager 2024-11-21 5.0 MEDIUM 8.3 HIGH
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
CVE-2018-8918 1 Synology 1 Router Manager 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-8917 1 Synology 1 Diskstation Manager 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024