Filtered by vendor Synology
Subscribe
Total
295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53279 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53280 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53281 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53282 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53283 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53284 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53285 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-11398 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2024-53286 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-53287 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53288 | 1 Synology | 1 Router Manager | 2025-07-29 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2025-4679 | 1 Synology | 1 Active Backup For Microsoft 365 | 2025-07-02 | N/A | 6.5 MEDIUM |
| A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-04-23 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
| CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | |||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||||
| CVE-2017-12072 | 1 Synology | 1 Photo Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | |||||