Filtered by vendor Synology
Subscribe
Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29086 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-34812 | 1 Synology | 1 Calendar | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-34810 | 1 Synology | 1 Download Station | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-34809 | 1 Synology | 1 Download Station | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-34808 | 1 Synology | 1 Media Server | 2021-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | |||||
| CVE-2021-34811 | 1 Synology | 1 Download Station | 2021-06-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2021-29089 | 1 Synology | 1 Photo Station | 2021-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2021-29090 | 1 Synology | 1 Photo Station | 2021-06-10 | 9.0 HIGH | 7.2 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. | |||||
| CVE-2021-29091 | 1 Synology | 1 Photo Station | 2021-06-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. | |||||
| CVE-2021-33181 | 1 Synology | 1 Video Station | 2021-06-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | |||||
| CVE-2021-33183 | 1 Synology | 1 Docker | 2021-06-10 | 3.6 LOW | 7.9 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2021-33184 | 1 Synology | 1 Download Station | 2021-06-10 | 4.0 MEDIUM | 7.7 HIGH |
| Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2021-33182 | 1 Synology | 1 Diskstation Manager | 2021-06-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. | |||||
| CVE-2021-29092 | 1 Synology | 1 Photo Station | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2021-06-09 | 4.6 MEDIUM | 7.8 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-33180 | 1 Synology | 1 Media Server | 2021-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-14907 | 5 Canonical, Fedoraproject, Redhat and 2 more | 9 Ubuntu Linux, Fedora, Enterprise Linux and 6 more | 2021-05-29 | 2.6 LOW | 6.5 MEDIUM |
| All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | |||||
| CVE-2021-31439 | 1 Synology | 1 Diskstation Manager | 2021-05-27 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. | |||||
| CVE-2021-27648 | 1 Synology | 1 Antivirus Essential | 2021-05-12 | 6.5 MEDIUM | 8.8 HIGH |
| Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors. | |||||
| CVE-2018-8920 | 1 Synology | 1 Diskstation Manager | 2021-05-12 | 6.5 MEDIUM | 7.2 HIGH |
| Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | |||||