Filtered by vendor Synology
Subscribe
Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47267 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2024-47268 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47269 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47270 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2024-47271 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47272 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2025-13167 | 1 Synology | 2 Contacts, Diskstation Manager | 2026-05-28 | N/A | 5.4 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors. | |||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2026-05-13 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
| CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2026-05-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | |||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||||
| CVE-2017-12072 | 1 Synology | 1 Photo Station | 2026-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2026-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | |||||
| CVE-2017-12077 | 1 Synology | 1 Router Manager | 2026-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
| CVE-2017-11153 | 1 Synology | 1 Photo Station | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | |||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||||
| CVE-2017-15893 | 1 Synology | 1 File Station | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2016-10323 | 1 Synology | 1 Photo Station | 2026-05-13 | 7.2 HIGH | 7.8 HIGH |
| Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | |||||
| CVE-2017-11157 | 2 Microsoft, Synology | 2 Windows, Cloud Station Backup | 2026-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||