Vulnerabilities in Synology

294 results
| CVE | Severity | Description (truncated) | EPSS |
|---|---|---|---|
| CVE-2022-27615 | HIGH | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before | 1.0% |
| CVE-2021-34808 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to acce | 1.0% |
| CVE-2017-15892 | | Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated u | 1.0% |
| CVE-2017-12072 | | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated u | 1.0% |
| CVE-2025-4679 | MEDIUM | A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspec | 1.0% |
| CVE-2021-33184 | HIGH | Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote | 1.0% |
| CVE-2022-43932 | HIGH | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synolog | 1.0% |
| CVE-2021-33180 | HIGH | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server | 1.0% |
| CVE-2022-27626 | CRITICAL | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the sessio | 1.0% |
| CVE-2018-8916 | MEDIUM | Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticat | 1.0% |
| CVE-2021-33181 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticate | 1.0% |
| CVE-2018-13282 | MEDIUM | Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web s | 1.0% |
| CVE-2023-0077 | MEDIUM | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows r | 0.9% |
| CVE-2018-13298 | MEDIUM | Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attac | 0.9% |
| CVE-2023-0142 | MEDIUM | Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8 | 0.9% |
| CVE-2018-8927 | MEDIUM | Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary e | 0.9% |
| CVE-2022-27613 | HIGH | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV S | 0.9% |
| CVE-2015-9102 | | Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authe | 0.9% |
| CVE-2022-3576 | MEDIUM | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows r | 0.9% |
| CVE-2022-27611 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station b | 0.9% |