Filtered by vendor Synology
Subscriptions
Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34809 | 1 Synology | 1 Download Station | 2024-11-21 | 9.9 Critical |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-34808 | 1 Synology | 1 Media Server | 2024-11-21 | 5.8 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | ||||
| CVE-2021-33184 | 1 Synology | 1 Download Station | 2024-11-21 | 7.7 High |
| Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2021-33183 | 1 Synology | 1 Docker | 2024-11-21 | 7.9 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2021-33181 | 1 Synology | 1 Video Station | 2024-11-21 | 6.6 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | ||||
| CVE-2021-33180 | 1 Synology | 1 Media Server | 2024-11-21 | 7.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2021-29092 | 1 Synology | 1 Photo Station | 2024-11-21 | 8.8 High |
| Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-29091 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.7 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
| CVE-2021-29090 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.2 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. | ||||
| CVE-2021-29089 | 1 Synology | 1 Photo Station | 2024-11-21 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2021-27648 | 1 Synology | 1 Antivirus Essential | 2024-11-21 | 9 Critical |
| Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors. | ||||
| CVE-2020-8623 | 8 Canonical, Debian, Fedoraproject and 5 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 7.5 High |
| In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | ||||
| CVE-2020-8622 | 9 Canonical, Debian, Fedoraproject and 6 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 6.5 Medium |
| In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. | ||||
| CVE-2020-8621 | 5 Canonical, Isc, Netapp and 2 more | 5 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 2 more | 2024-11-21 | 7.5 High |
| In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. | ||||
| CVE-2020-27660 | 1 Synology | 1 Safeaccess | 2024-11-21 | 9.6 Critical |
| SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | ||||
| CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2024-11-21 | 8.4 High |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | ||||
| CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-11-21 | 7.1 High |
| Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2020-27657 | 1 Synology | 1 Router Manager | 2024-11-21 | 6.5 Medium |
| Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | ||||
| CVE-2020-27655 | 1 Synology | 1 Router Manager | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | ||||
| CVE-2020-27654 | 1 Synology | 1 Router Manager | 2024-11-21 | 9.8 Critical |
| Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | ||||