Vulnerabilities (CVE)

Filtered by vendor Synology Subscribe
Filtered by product Audio Station
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27612 1 Synology 1 Audio Station 2024-11-21 N/A 7.3 HIGH
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-27611 1 Synology 1 Audio Station 2024-11-21 N/A 5.4 MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2017-15888 1 Synology 1 Audio Station 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
CVE-2015-9104 1 Synology 1 Audio Station 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.