Vulnerabilities in Synology
294 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2017-16773 | MEDIUM | Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users t | 1.4% |
| CVE-2024-10442 | CRITICAL | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 a | 1.3% |
| CVE-2021-29084 | HIGH | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report | 1.3% |
| CVE-2021-29085 | HIGH | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management | 1.3% |
| CVE-2018-13286 | MEDIUM | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenti | 1.3% |
| CVE-2018-13287 | MEDIUM | Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticate | 1.3% |
| CVE-2018-13294 | MEDIUM | Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated us | 1.3% |
| CVE-2018-8914 | HIGH | SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute ar | 1.3% |
| CVE-2018-13295 | MEDIUM | Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authent | 1.3% |
| CVE-2022-27610 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Man | 1.3% |
| CVE-2017-16771 | — | Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attacke | 1.3% |
| CVE-2018-13292 | MEDIUM | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authentica | 1.3% |
| CVE-2018-13290 | MEDIUM | Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users t | 1.3% |
| CVE-2020-27658 | HIGH | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which make | 1.3% |
| CVE-2019-11822 | MEDIUM | Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remo | 1.3% |
| CVE-2017-15888 | — | Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticat | 1.3% |
| CVE-2018-8922 | MEDIUM | Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or f | 1.3% |
| CVE-2022-22683 | CRITICAL | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1- | 1.3% |
| CVE-2023-32955 | HIGH | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Syn | 1.3% |
| CVE-2022-27620 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server befo | 1.2% |