Vulnerabilities in Synology

294 results
CVE | Severity | Description | EPSS
CVE-2017-11161 | | Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary | 1.2%
CVE-2018-13291 | MEDIUM | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authen | 1.2%
CVE-2021-29086 | MEDIUM | Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6. | 1.2%
CVE-2018-13281 | MEDIUM | Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated use | 1.2%
CVE-2022-27618 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyze | 1.2%
CVE-2024-53286 | HIGH | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Syn | 1.1%
CVE-2024-10441 | CRITICAL | Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synol | 1.1%
CVE-2021-29091 | HIGH | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo | 1.1%
CVE-2022-22679 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskS | 1.1%
CVE-2022-22680 | MEDIUM | Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42 | 1.1%
CVE-2021-34812 | MEDIUM | Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensit | 1.1%
CVE-2018-8913 | HIGH | Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a | 1.1%
CVE-2021-33182 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation | 1.1%
CVE-2022-22685 | HIGH | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server b | 1.1%
CVE-2017-16775 | HIGH | Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote at | 1.1%
CVE-2017-15891 | | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modi | 1.0%
CVE-2018-8911 | MEDIUM | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users | 1.0%
CVE-2017-16767 | | Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated user | 1.0%
CVE-2018-8912 | MEDIUM | Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated use | 1.0%
CVE-2018-8920 | MEDIUM | Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attac | 1.0%