MidnightBSD

Advisories for synology

CVE-2010-2453 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology dsm 2.2-1041
synology dsm 2.2-1045
synology dsm 3.0-1334
synology dsm 2.2-0942
synology dsm 2.3-1157
synology dsm 2.2-1042
synology dsm 2.3-1141
synology dsm 2.3-1161
synology dsm 2.3-1144
synology dsm 2.3-1139
CVE-2010-3684 LOW

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
synology dsm 2.2-1041
synology dsm 2.2-1045
synology dsm 2.2-0942
synology dsm 2.3-1157
synology dsm 2.2-1042
synology dsm 2.3-1141
synology dsm 2.3-1161
synology dsm 2.3-1144
synology dsm 2.3-1139
CVE-2013-6955 HIGH

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
synology diskstation_manager 4.0
synology diskstation_manager 4.2
synology diskstation_manager 4.3
synology diskstation_manager 4.3-3810
CVE-2013-6987 HIGH

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager 4.3-3810
CVE-2014-2264 HIGH

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-255,

Products Affected

Vendor Product Version
synology diskstation_manager 4.3-3810
CVE-2014-6836 MEDIUM

The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
synology ds_photo+ 3.3
CVE-2014-6848 MEDIUM

The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
synology ds_file 4.1.1
CVE-2014-6868 MEDIUM

The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
synology ds_audio 3.4
CVE-2015-2809 MEDIUM

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2015-2851 MEDIUM

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
synology cloud_station 2.0-2291
synology cloud_station 2.0-2402
synology cloud_station 2.1-2577
synology cloud_station 2.1-2570
synology cloud_station 3.0-3111
synology cloud_station 3.0-3109
synology cloud_station 3.1-3317
synology cloud_station 3.0-3103
synology cloud_station 1.1-2291
synology cloud_station 3.1-3320
synology cloud_station 2.1-2561
synology cloud_station 3.0-3005
synology cloud_station 3.0-3108
CVE-2015-4655 MEDIUM

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2015-4656 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2015-6909 MEDIUM

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology download_station *
CVE-2015-6910 HIGH

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
synology video_station *
CVE-2015-6911 HIGH

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
synology video_station *
CVE-2015-6912 HIGH

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
synology video_station *
CVE-2015-6913 MEDIUM

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology download_station *
CVE-2015-9102 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2015-9103 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology note_station *
CVE-2015-9104 LOW

Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology audio_station 5.1-2542
synology audio_station 5.1-2541
synology audio_station 5.4-2855
synology audio_station 5.1-2547
synology audio_station 5.4-2853
synology audio_station 5.1-2549
synology audio_station 5.4-2852
CVE-2015-9105 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology video_station 1.6-0841
synology video_station 1.6-0835
synology video_station 1.6-0844
synology video_station 1.2-0447
synology video_station 1.5-0763
synology video_station 1.2-0451
synology video_station 1.2-0439
synology video_station 1.5-0770
synology video_station 1.2-0453
synology video_station 1.5-0753
synology video_station 1.5-0757
synology video_station 1.6-0840
synology video_station 1.5-0754
synology video_station 1.2-0443
CVE-2016-10322 MEDIUM

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2016-10323 HIGH

Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2016-10329 HIGH

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2016-10330 MEDIUM

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2016-10331 MEDIUM

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2016-6554 HIGH

Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,CWE-255,

Products Affected

Vendor Product Version
synology ds116_firmware *
synology ds213_firmware *
synology ds107_firmware *
CVE-2017-11148 MEDIUM

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
synology chat *
CVE-2017-11149 MEDIUM

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
synology download_station 3.4-2478
synology download_station 3.5-2970
synology download_station 3.8.4-3468
synology download_station 3.4-2490
synology download_station 3.5-2956
synology download_station 3.4-2555
synology download_station 3.4-2558
synology download_station 3.3-2386
synology download_station 3.4-2486
synology download_station 3.5-2955
synology download_station 3.3-2382
synology download_station 3.5-2638
synology download_station 3.5-2982
synology download_station 3.4-2489
synology download_station 3.2-2295
synology download_station 3.5-2706
synology download_station 3.5-2973
synology download_station 3.4-2485
synology download_station 3.5-2705
synology download_station 3.8.3-3458
synology download_station 3.8.2-3455
synology download_station 3.5-2968
synology download_station 3.8.0-3416
synology download_station 3.4-2557
synology download_station 3.5-2962
synology download_station 3.8.1-3420
synology download_station 3.5-2963
synology download_station 3.4-2514
synology download_station 3.5-2967
synology download_station 3.3-2383
synology download_station 3.5-2980
synology download_station 3.4-2477
synology download_station 3.4-2480
CVE-2017-11150 MEDIUM

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
synology office 2.2.0-1502
synology office 2.2.1-1506
CVE-2017-11151 HIGH

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
synology photo_station 6.3-2967
synology photo_station *
CVE-2017-11152 MEDIUM

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology photo_station 6.3-2967
synology photo_station *
CVE-2017-11153 HIGH

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
synology photo_station 6.3-2967
synology photo_station *
CVE-2017-11154 MEDIUM

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
synology photo_station 6.3-2967
synology photo_station *
CVE-2017-11155 MEDIUM

An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-205,CWE-200,

Products Affected

Vendor Product Version
synology photo_station 6.3-2967
synology photo_station *
CVE-2017-11156 MEDIUM

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-732,

Products Affected

Vendor Product Version
synology download_station 3.4-2478
synology download_station 3.5-2970
synology download_station 3.8.4-3468
synology download_station 3.4-2490
synology download_station 3.5-2956
synology download_station 3.4-2555
synology download_station 3.4-2558
synology download_station 3.3-2386
synology download_station 3.4-2486
synology download_station 3.5-2955
synology download_station 3.3-2382
synology download_station 3.5-2638
synology download_station 3.5-2982
synology download_station 3.4-2489
synology download_station 3.2-2295
synology download_station 3.5-2706
synology download_station 3.5-2973
synology download_station 3.4-2485
synology download_station 3.5-2705
synology download_station 3.8.3-3458
synology download_station 3.8.2-3455
synology download_station 3.5-2968
synology download_station 3.8.0-3416
synology download_station 3.4-2557
synology download_station 3.5-2962
synology download_station 3.8.1-3420
synology download_station 3.5-2963
synology download_station 3.4-2514
synology download_station 3.5-2967
synology download_station 3.3-2383
synology download_station 3.5-2980
synology download_station 3.4-2477
synology download_station 3.4-2480
CVE-2017-11157 MEDIUM

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
synology cloud_station_backup *
CVE-2017-11158 MEDIUM

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-426,

Products Affected

Vendor Product Version
synology cloud_station_drive *
CVE-2017-11159 MEDIUM

Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-426,

Products Affected

Vendor Product Version
synology photo_station_uploader *
CVE-2017-11160 MEDIUM

Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
synology assistant *
CVE-2017-11161 HIGH

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-11162 MEDIUM

Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-12071 MEDIUM

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-12072 LOW

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-12074 MEDIUM

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology dns_server *
CVE-2017-12075 MEDIUM

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-12076 MEDIUM

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager 6.1.1
CVE-2017-12077 MEDIUM

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2017-12078 MEDIUM

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2017-12079 MEDIUM

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,CWE-200,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-12080 MEDIUM

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-14491 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
synology diskstation_manager 6.1
synology diskstation_manager 6.0
synology router_manager 1.1
thekelleys dnsmasq *
redhat enterprise_linux_desktop 6.0
nvidia linux_for_tegra *
siemens scalance_s615_firmware *
redhat enterprise_linux_server 7.0
siemens ruggedcom_rm1224_firmware *
arista eos *
opensuse leap 42.3
canonical ubuntu_linux 16.04
suse linux_enterprise_point_of_sale 11
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.04
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server 6.0
suse linux_enterprise_server 11
huawei honor_v9_play_firmware *
siemens scalance_w1750d_firmware *
synology diskstation_manager 5.2
nvidia geforce_experience *
opensuse leap 42.2
suse linux_enterprise_server 12
debian debian_linux 7.1
redhat enterprise_linux_workstation 6.0
arubanetworks arubaos *
debian debian_linux 7.0
debian debian_linux 8.0
redhat enterprise_linux_desktop 7.0
siemens scalance_m-800_firmware *
redhat enterprise_linux_workstation 7.0
CVE-2017-15886 MEDIUM

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
synology chat *
CVE-2017-15887 MEDIUM

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
synology carddav_server *
CVE-2017-15888 LOW

Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology audio_station *
CVE-2017-15889 MEDIUM

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-15890 LOW

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology mailplus_server *
CVE-2017-15891 MEDIUM

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology calendar *
CVE-2017-15892 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology chat *
CVE-2017-15893 MEDIUM

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology file_station *
CVE-2017-15894 MEDIUM

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-15895 MEDIUM

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2017-16766 MEDIUM

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-74,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-16767 LOW

Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2017-16768 LOW

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology mailplus_server *
CVE-2017-16769 MEDIUM

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-359,CWE-200,

Products Affected

Vendor Product Version
synology photo_station 6.8.1-3458
CVE-2017-16770 MEDIUM

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-538,CWE-200,

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2017-16771 MEDIUM

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-16772 MEDIUM

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-20,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-16773 MEDIUM

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-863,

Products Affected

Vendor Product Version
synology universal_search *
CVE-2017-16774 LOW

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-16775 MEDIUM

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,CWE-20,

Products Affected

Vendor Product Version
synology sso_server *
CVE-2017-5753 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel core_i7 940xm
intel core_i7 5950hq
intel core_i7 3632qm
intel xeon e5607
intel core_i5 2500k
intel xeon_e3_1225_v3 -
intel core_i7 620lm
intel xeon_e5_2623_v3 -
intel xeon_platinum 8156
phoenixcontact bl_bpc_3001_firmware -
intel xeon_e5_2603_v3 -
intel core_i3 4350t
intel core_i3 4120u
intel core_i7 720qm
intel xeon_e5 2695_v3
phoenixcontact vl_ppc_2000_firmware -
intel celeron_j j1900
intel celeron_n n3350
intel core_i3 2350m
intel xeon_e5 4660_v4
intel core_i7 3770
intel xeon x5570
intel xeon x5675
intel xeon_e7 8893_v3
intel atom_c c3830
intel xeon_e3_1230 -
intel core_i5 2435m
intel atom_z z3735e
intel core_i3 2115c
intel core_i5 3450s
intel xeon x6550
intel xeon ec5549
intel xeon_e7 2880_v2
intel core_i7 3517ue
intel core_i5 4210h
intel xeon_e5 4610_v4
siemens simatic_itc2200_firmware *
arm cortex-a77_firmware -
intel xeon_e3_1231_v3 -
intel pentium_j j4205
intel core_i5 6300hq
intel core_m 5y10c
intel xeon_e7 4820_v3
intel xeon_e5_1428l_v2 -
intel core_i7 2640m
intel core_i3 330um
intel core_i7 4720hq
intel xeon_gold 6130
intel core_i3 4030u
intel core_i7 5500u
intel core_i7 4800mq
intel core_i3 8350k
intel xeon x5667
intel xeon_e7 2830
intel celeron_j j3355
intel core_i3 3217ue
intel xeon e6510
intel xeon_e5_2650_v2 -
phoenixcontact bl_ppc17_3000_firmware -
intel core_i5 6600
intel xeon_e3_1265l_v3 -
intel xeon_e5 4650_v2
intel core_i5 2320
intel atom_c c2750
intel core_i3 4100u
intel core_i3 2340ue
intel core_i5 4690s
intel xeon_e7 8880l_v2
intel core_i5 2537m
intel core_i7 880
intel core_i7 4610y
intel core_i5 3427u
intel core_i7 4765t
intel xeon_platinum 8170
intel core_i3 4020y
intel core_i5 6400t
intel core_i3 5157u
phoenixcontact vl2_bpc_1000_firmware -
intel core_i3 4160
phoenixcontact bl_bpc_7000_firmware -
intel core_i5 4260u
phoenixcontact bl_ppc17_1000_firmware -
intel core_i3 4010u
intel core_i3 6006u
synology vs360hd_firmware -
intel core_i7 4722hq
intel core_i7 5600u
intel core_i3 4110m
intel xeon_e3_1220 -
intel core_i5 2405s
intel core_i3 350m
intel xeon e7520
intel atom_e e3805
intel atom_c c2558
suse suse_linux_enterprise_desktop 12
intel atom_z z3530
intel core_i5 3570s
intel core_i7 3770k
intel core_i7 4600u
intel xeon_e7 8867_v4
intel xeon_e7 8890_v4
intel core_i3 4000m
vmware esxi 6.5
intel core_i5 5257u
intel xeon_e3_1290 -
intel core_i3 2130
arm cortex-r8_firmware -
intel core_i3 4030y
intel xeon_gold 5115
intel xeon e5502
phoenixcontact bl_ppc15_3000_firmware -
intel pentium_n n3510
intel celeron_j j3455
phoenixcontact vl_bpc_3000_firmware -
intel xeon_e7 8857_v2
intel xeon_e7 8830
intel xeon x5560
intel xeon_e5_2470_v2 -
phoenixcontact vl2_bpc_2000_firmware -
intel xeon_e3_1258l_v4 -
intel core_i5 3570
oracle local_service_management_system 13.2
intel core_i3 4130t
suse suse_linux_enterprise_server 12
intel atom_z z3460
intel core_i5 4460
intel xeon_e7 8880_v4
intel core_i3 3210
intel atom_z z2520
intel xeon_e3 1565l_v5
intel core_i5 750
intel xeon_e3_1240_v6 -
intel xeon_e5 4610_v3
phoenixcontact bl_bpc_2001_firmware -
intel xeon x3440
intel core_i3 4360t
phoenixcontact vl2_ppc7_1000_firmware -
intel core_i3 4330t
intel core_i7 7y75
intel atom_z z3480
intel xeon_gold 6142m
phoenixcontact dl_ppc15_1000_firmware -
intel core_i3 4130
intel xeon l5530
intel celeron_j j3160
intel xeon_e3_1286_v3 -
intel core_i5 3550
intel core_m 5y10a
intel xeon_e5 2670_v3
intel xeon_e5_2438l_v3 -
intel xeon_e5 4667_v4
intel core_i7 5750hq
intel core_i5 3437u
intel atom_z z3745
intel atom_c c2338
intel xeon_e7 4870
intel core_i3 3220t
intel xeon_e3_1505l_v6 -
intel core_i7 2710qe
intel xeon_e5 2660_v3
intel xeon l5508
intel xeon_e5_2403 -
intel xeon_silver 4114
intel core_i5 4670k
intel core_i7 820qm
intel xeon_e3_1230_v3 -
intel core_i5 3330s
intel xeon_e3_1275 -
intel xeon_e5 2680_v4
intel xeon_e5_2618l_v3 -
intel xeon l7555
intel core_i7 3555le
intel core_i5 4570te
intel core_i7 3820qm
intel xeon_e3_1246_v3 -
intel core_i7 4790
intel xeon_e7 8893_v4
intel core_i5 2400
vmware esxi 5.5.0
intel core_i5 2500s
intel xeon_e5_2643_v3 -
intel xeon_e5 2683_v4
intel core_i7 2960xm
intel xeon_e7 8890_v2
intel celeron_n n2840
intel xeon_e5 2698_v3
intel xeon_phi 7285
intel xeon_e3_1225_v6 -
intel core_i3 4010y
intel core_i5 4202y
intel core_i7 5700hq
intel atom_c c2308
intel xeon e5640
intel xeon e6540
intel core_i5 4310u
intel xeon_e5 4657l_v2
intel xeon w5580
intel atom_z z3735d
intel core_i7 740qm
intel atom_x3 c3265rk
intel xeon_e5_2428l_v2 -
intel core_i5 3470t
intel xeon x3470
intel xeon_e3 1505m_v6
intel atom_c c2550
intel celeron_n n2808
intel core_i7 5850hq
intel xeon e5506
intel xeon ec5509
intel core_i7 4700eq
intel xeon_e3_1275_v2 -
intel xeon_e5_2430_v2 -
intel xeon_e5_2418l -
intel core_i5 3475s
intel core_i7 4770t
intel core_i7 610e
intel core_i3 2370m
intel xeon_e7 2870_v2
intel xeon_e5_2620_v4 -
intel core_i5 3570t
intel xeon_e3_1240l_v3 -
intel core_i5 3230m
vmware workstation *
intel xeon l3426
intel core_i7 930
intel xeon l5518
intel core_i3 4100e
intel core_i3 6167u
intel core_i5 4200m
intel xeon_e3_1285_v4 -
intel core_i7 2760qm
intel core_i7 4712mq
arm cortex-a12_firmware -
intel core_i7 7700t
intel xeon_e3_1230_v6 -
intel core_i7 990x
intel xeon_silver 4108
intel xeon_e5_2650l -
intel atom_z z3560
intel xeon_e7 4830_v2
intel core_i7 5775r
intel pentium_n n4200
intel celeron_n n3060
intel xeon_e5 4650_v3
intel core_i5 4300u
intel core_i7 3612qe
intel core_i7 4770te
intel xeon_phi 7295
intel core_i3 3225
intel xeon_e5_1428l_v3 -
phoenixcontact vl2_bpc_9000_firmware -
intel core_i7 2620m
intel atom_c c3808
intel xeon_gold 6148f
intel core_i5 750s
intel atom_e e3815
phoenixcontact bl_ppc15_1000_firmware -
intel xeon e5503
intel core_i5 6440eq
intel core_i7 5775c
intel xeon x5680
intel core_i5 4308u
intel xeon_e5 4610
intel pentium_n n3700
intel xeon_e5 2699r_v4
intel xeon_e7 4809_v3
intel core_i5 6685r
intel atom_c c3558
arm neoverse_n1_firmware -
intel core_i5 580m
intel core_i7 2600s
intel pentium_j j3710
intel core_i7 4702mq
intel core_i7 3630qm
intel xeon e5645
intel xeon_e5_2648l -
intel xeon_e5_2637_v3 -
intel core_i3 3217u
intel xeon_e3_1241_v3 -
intel core_i5 6600k
intel xeon_e5_2608l_v3 -
intel core_i7 3770t
intel core_i3 3240t
intel core_i3 3120me
intel xeon_e3_1281_v3 -
intel pentium_n n3540
intel core_i7 4870hq
intel xeon_e5_2640_v3 -
intel xeon_silver 4116t
intel xeon_e5_1680_v3 -
intel xeon_e5_2620_v3 -
intel core_i3 2100t
intel core_i7 4790s
intel xeon_e5 2697_v3
intel xeon_phi 7290
intel xeon_e7 8867_v3
intel xeon_e7 8870_v4
intel core_i5 4258u
phoenixcontact vl_bpc_1000_firmware -
intel xeon_e5_2650l_v2 -
intel xeon_e5_2618l_v2 -
intel xeon_e5_2637_v4 -
intel atom_e e3825
intel core_i7 3610qm
intel atom_z z3736g
intel core_i3 4110e
intel core_i7 7820hk
phoenixcontact bl_rackmount_2u_firmware -
intel core_i5 650
intel core_i5 2500t
phoenixcontact vl2_ppc_9000_firmware -
intel xeon l5640
intel xeon_e5 2660
intel pentium_j j2850
intel core_i5 4300m
intel xeon_e5 4640_v4
intel core_i3 4170
intel core_i7 4760hq
intel core_i3 8100
intel core_m7 6y75
intel xeon_e5_2603 -
intel core_i5 4430s
synology diskstation_manager *
intel core_i7 980
intel core_i3 6102e
intel xeon_e3_1240_v2 -
intel core_i7 640m
intel core_i3 4350
intel xeon_e3_1230_v2 -
intel core_i5 4400e
intel xeon_silver 4114t
intel xeon_e5_2420_v2 -
intel core_i5 4200h
intel xeon x5687
intel xeon_e5 4620_v3
intel core_i3 6300
intel xeon_e5 4648_v3
intel atom_e e3845
intel core_i5 6500te
intel core_i7 4770r
intel core_i5 2390t
intel xeon_e3 1575m_v5
intel atom_z z3740
intel xeon_e5 2697a_v4
intel xeon_platinum 8160
intel xeon_e5 4610_v2
intel xeon_e5_1620_v2 -
intel core_i5 4402ec
intel core_m3 7y30
intel core_i5 2450p
intel core_i3 6100u
intel xeon_e3_1501l_v6 -
intel xeon_e5 2658a_v3
intel atom_z z3735g
intel xeon_e5 2690_v3
intel xeon_platinum 8176m
intel core_i5 3380m
intel core_i5 2380p
intel xeon w5590
intel core_i7 640lm
intel xeon l3406
intel xeon_e5 2667_v3
intel core_i5 5300u
intel core_i5 6500
synology router_manager *
intel core_i5 2450m
intel core_i7 4850hq
intel atom_c c2516
intel celeron_n n2810
intel xeon_e3_1235 -
phoenixcontact bl_bpc_2000_firmware -
intel core_i7 3770s
intel core_i7 3610qe
intel xeon_e3 1545m_v5
intel xeon_e5_2450l_v2 -
intel atom_x5-e3940 -
intel xeon_e5 4620_v4
intel xeon_e5_2430l -
intel core_i7 3540m
intel core_i5 4570t
intel atom_c c2358
intel xeon_e5 4655_v4
intel xeon_e7 4830
intel xeon_e7 8870
intel xeon_e7 8867l
intel core_i3 4158u
intel xeon_e7 8880_v2
intel xeon_e5 2687w_v2
intel core_i5 6400
intel core_i5 2550k
intel xeon_phi 7230f
intel core_i3 4100m
intel atom_c c2530
intel xeon_e5_2623_v4 -
intel atom_z z3775
phoenixcontact bl_ppc15_7000_firmware -
intel xeon_e5 2695_v4
intel core_i7 4771
phoenixcontact bl_ppc12_1000_firmware -
intel xeon x3430
intel atom_c c3750
intel xeon_e5_2450_v2 -
intel xeon_e5 2670_v2
intel core_i3 3240
intel core_i3 380um
intel atom_z z3590
intel xeon_e3 1515m_v5
canonical ubuntu_linux 16.04
intel core_i5 3317u
intel xeon_e7 8880l_v3
intel atom_z z3580
intel xeon_silver 4112
intel xeon_e5_2609_v2 -
intel pentium_n n3710
intel core_i5 661
intel xeon_e3_1125c_v2 -
intel core_i3 2310e
intel core_i5 5250u
intel xeon_gold 6148
intel xeon_e5 4624l_v2
intel xeon x5690
intel core_i5 655k
intel core_i7 5850eq
intel xeon_e5_2643_v2 -
intel xeon_e5_2648l_v3 -
intel celeron_n n3050
intel xeon_e7 4820_v2
arm cortex-a8_firmware -
intel core_i5 4590
intel xeon x7550
intel core_i5 660
intel xeon_e5_2418l_v2 -
intel core_i3 6100h
intel core_i7 960
intel xeon_e5_2620 -
intel xeon_e5_2448l_v2 -
intel core_i3 6098p
intel xeon_e5 2660_v4
intel celeron_n n2940
intel celeron_n n3150
intel core_i5 4670r
intel core_i7 3840qm
intel core_i7 8550u
intel xeon_e3_1240 -
intel core_i5 4302y
intel atom_z z3775d
intel xeon_e7 4860_v2
arm cortex-a57_firmware -
arm cortex-a17_firmware -
intel xeon_e3_1226_v3 -
intel xeon x5550
intel xeon_gold 6130f
synology virtual_machine_manager *
intel celeron_n n2815
intel core_i7 3720qm
intel xeon_e5 4620
intel core_i5 4690
intel core_i7 5650u
oracle solaris 10
intel xeon e5603
intel xeon_e5_2630l -
canonical ubuntu_linux 17.10
intel core_m 5y51
intel core_i5 4670t
intel core_i5 2510e
intel xeon_e3_1285_v6 -
intel xeon_e3_1278l_v4 -
intel xeon_e5 2699_v3
intel core_i5 4220y
intel core_i5 540m
intel core_i5 4670s
intel xeon_e5_1650 -
intel core_i5 430m
intel xeon_e3_1265l_v2 -
intel core_i5 3340s
intel core_i7 620ue
intel xeon_e5_2648l_v4 -
intel celeron_j j4105
intel atom_x3 c3205rk
intel xeon_e5_2470 -
synology skynas -
phoenixcontact bl_ppc17_7000_firmware -
intel core_i5 5350u
intel core_i7 875k
intel xeon_gold 6134
intel xeon_e3_1270_v5 -
intel xeon_e7 8837
intel xeon_phi 7250f
intel xeon_e5 2697_v2
intel core_i5 4350u
intel core_i5 4570
intel core_i7 4770s
intel celeron_n n3000
intel xeon_e5 4669_v3
intel xeon l5506
phoenixcontact bl_rackmount_4u_firmware -
intel core_i7 4578u
intel xeon_e5_2448l -
intel xeon_e3_1245_v6 -
phoenixcontact valueline_ipc_firmware -
intel core_i7 4770
intel core_i5 2410m
intel xeon_e3_1280_v5 -
intel xeon_e5 4603
intel xeon_e7 4850_v4
intel atom_c c3858
intel xeon_e5_2628l_v4 -
intel core_i7 8700
intel atom_c c3708
intel xeon_e3 1578l_v5
intel core_i3 4150
intel core_i5 5575r
phoenixcontact bl_bpc_3000_firmware -
intel core_i5 6440hq
intel core_i5 4310m
intel atom_c c3955
intel xeon_e5_1660_v3 -
intel core_i3 4330
intel xeon_e5 4660_v3
intel xeon_phi 7210
intel core_m 5y70
intel core_i5 4210m
intel core_i5 4250u
intel xeon x5670
intel xeon_e5 2683_v3
intel xeon_e5_2637_v2 -
intel core_i7 2920xm
pepperl-fuchs btc12_firmware -
intel celeron_n n2830
intel core_i7 870
intel xeon_e3 1585_v5
intel core_i5 2430m
intel xeon_e7 4850_v2
siemens simatic_winac_rtx_(f)_2010_firmware 2010
intel celeron_n n2910
intel core_i5 5675c
intel xeon_e5_2618l_v4 -
intel xeon_e7 8850_v2
intel xeon x5647
intel core_i3 3227u
intel xeon_platinum 8176f
intel core_i7 3612qm
intel core_i3 5005u
intel xeon_e5 4640_v2
intel core_i5 4440
intel core_i3 2330m
intel core_i5 470um
intel xeon w3680
intel core_i7 2860qm
intel xeon x3460
intel xeon_e5 2690
intel core_i7 3537u
intel core_i5 480m
canonical ubuntu_linux 14.04
intel core_i7 8700k
intel xeon_e7 8860_v4
phoenixcontact bl2_ppc_2000_firmware -
intel xeon_gold 5120
intel xeon_e7 4830_v3
intel atom_z z2460
intel xeon e5540
intel core_i7 4702hq
intel core_i7 4950hq
intel pentium_n n3520
intel xeon_e5_2608l_v4 -
intel core_i5 3340
intel core_i3 6100
intel atom_c c3758
intel xeon_platinum 8164
intel atom_z z3740d
intel core_i5 3610me
intel xeon e5649
intel xeon x3450
intel xeon_e5 4627_v3
intel core_i5 540um
intel core_i5 3439y
intel core_i5 6260u
intel xeon_e3_1220_v5 -
intel core_m 5y71
intel xeon_e5 2697_v4
intel xeon_e7 4850
intel xeon_gold 6138f
intel xeon_e7 8850
intel core_i3 3120m
intel xeon_e5_2620_v2 -
pepperl-fuchs visunet_rm_shell -
intel xeon_e3_1280_v6 -
intel xeon x7560
intel xeon_e7 8880_v3
intel xeon_e3_1225_v2 -
intel xeon_e5 2658_v2
intel core_i5 6600t
intel celeron_j j4005
intel celeron_n n2805
intel celeron_n n3450
intel xeon_e3_1240_v5 -
intel xeon_platinum 8180
intel atom_c c2738
intel core_i7 4790k
intel xeon_e7 2850
intel core_i3 5020u
intel xeon_e3_1230_v5 -
intel pentium_j j2900
intel xeon_e3 1558l_v5
intel xeon_e3_1275l_v3 -
intel xeon_e5 4669_v4
intel xeon_e5_2648l_v2 -
intel core_i3 4025u
intel xeon_e5_1650_v3 -
intel xeon_platinum 8168
intel core_i7 5700eq
intel xeon_e5_2428l_v3 -
intel xeon l5638
intel core_i7 4810mq
intel core_i7 7920hq
intel xeon_gold 5118
siemens simatic_itc1500_pro_firmware *
intel xeon_e5 2687w
intel xeon_e3_1125c -
intel core_i5 8250u
phoenixcontact vl2_bpc_7000_firmware -
intel xeon_e3_1105c_v2 -
phoenixcontact vl2_ppc9_1000_firmware -
intel xeon l5618
intel xeon_e5_1660 -
intel xeon_e3_1270_v3 -
intel core_i7 965
intel xeon_e7 2890_v2
intel xeon_e5_2630l_v2 -
intel xeon_e5 2690_v2
intel core_i5 4278u
intel core_i3 2100
intel core_i3 390m
intel core_i7 3687u
intel xeon_e3_1275_v3 -
intel xeon_e5_1660_v2 -
intel core_i3 2367m
intel core_m5 6y57
intel core_i3 4005u
intel core_i5 4402e
intel core_i7 4770k
netapp hci -
arm cortex-r7_firmware -
intel core_i5 2310
intel xeon_e7 8860
intel xeon_e5_1680_v4 -
opensuse leap 42.2
intel atom_z z2560
intel core_i7 2649m
intel core_i7 8650u
intel xeon_e3_1280_v2 -
phoenixcontact bl2_ppc_7000_firmware -
intel core_i5 4360u
intel core_i5 3450
intel xeon_e-1105c -
intel core_i7 7700hq
intel xeon_e3_12201_v2 -
intel xeon l5630
intel xeon_e5_2609_v4 -
intel atom_x5-e3930 -
intel core_i7 4770hq
intel xeon_e5_2630_v4 -
intel xeon_e5_2440 -
intel xeon lc5518
intel core_i5 6360u
intel core_i7 840qm
intel atom_z z3770
intel xeon_e5_2650_v4 -
intel xeon_gold 6136
intel core_i3 4360
arm cortex-a72_firmware -
intel xeon_platinum 8170m
arm cortex-a78ae_firmware -
intel xeon_e3_1260l_v5 -
intel core_i7 7500u
intel xeon x5650
intel xeon_e5 2698_v4
intel xeon_e7 4880_v2
intel core_i3 370m
intel core_i7 4700hq
intel core_i3 6100e
intel core_i5 520m
intel core_i7 2720qm
intel core_i3 5010u
phoenixcontact vl2_ppc_2000_firmware -
intel celeron_n n3010
intel xeon e5507
intel xeon l5609
intel xeon_e7 4850_v3
intel core_i5 760
intel core_i5 4300y
intel xeon l7545
intel xeon_e5_2630_v2 -
phoenixcontact bl2_bpc_1000_firmware -
debian debian_linux 8.0
intel xeon_e3_1225 -
intel xeon_silver 4110
intel celeron_n n3160
intel core_i7 3667u
intel core_i7 3520m
intel xeon_e5 2665
intel core_i3 2328m
intel xeon_e3_1245_v3 -
intel core_i5 4590t
intel core_i5 6200u
intel core_i3 560
intel core_i5 2500
intel core_i5 3570k
intel atom_c c2730
intel atom_c c3508
intel core_i5 4210y
intel core_i7 3689y
debian debian_linux 9.0
intel xeon_e5_1630_v3 -
intel core_i3 2375m
intel core_i5 4330m
intel xeon_e5 4607_v2
intel xeon_e5 4627_v2
intel core_i5 2467m
intel core_i3 2357m
intel pentium_n n3530
intel xeon_e3_1290_v2 -
intel core_i5 4590s
intel xeon_gold 6140
intel atom_c c2758
intel xeon_e3_1220_v6 -
intel xeon_e5 2667
intel core_i7 7820eq
intel xeon_e7 4870_v2
phoenixcontact vl2_ppc_3000_firmware -
intel core_i5 4288u
intel atom_z z3785
intel atom_c c3338
intel xeon_e5_2450 -
arm cortex-a75_firmware -
intel atom_e e3826
intel xeon_e5 4607
intel atom_c c3958
intel core_i5 5200u
intel xeon_e5 2667_v4
intel core_m3 6y30
intel xeon_e3_1275_v5 -
intel atom_e e3827
intel xeon_e5 2658
intel core_i7 920
intel core_i7 5557u
intel xeon_e5_1620_v4 -
intel core_i7 4785t
intel xeon_e3 1535m_v6
intel xeon x7542
canonical ubuntu_linux 17.04
intel xeon e5530
phoenixcontact dl_ppc15m_7000_firmware -
phoenixcontact bl2_ppc_1000_firmware -
pepperl-fuchs btc14_firmware -
intel xeon_e3_1235l_v5 -
intel core_i5 560um
intel xeon_e5 4667_v3
intel xeon_gold 6144
intel xeon_phi 7290f
intel xeon_e7 8860_v3
intel xeon_e5 2690_v4
intel core_i5 3470
intel core_i7 5550u
intel xeon_e5_2430l_v2 -
intel xeon_e5 4650_v4
intel core_i5 520e
intel xeon_e5_2603_v4 -
intel core_i3 2310m
intel core_i7 3615qm
intel xeon_e5_1650_v4 -
intel core_i7 620le
intel core_i7 2630qm
intel xeon_e5 4650l
intel xeon_gold 5120t
intel core_i5 6287u
intel core_i7 920xm
intel xeon_phi 7250
intel core_i5 8350u
intel xeon_gold 6142f
intel core_i5 4460t
intel core_i5 3350p
intel celeron_j j1850
intel xeon_e5 4655_v3
intel celeron_j j3060
intel xeon_e5_2609_v3 -
intel core_i3 3115c
intel xeon_e3_1280_v3 -
intel xeon_e5 4627_v4
arm cortex-a9_firmware -
intel xeon_e5_2630l_v4 -
intel core_i7 640um
intel atom_z z3795
intel xeon_e5 4603_v2
intel core_i7 4910mq
intel atom_c c3308
intel core_i3 3245
intel xeon_e7 4860
intel core_i3 2105
phoenixcontact bl2_bpc_2000_firmware -
arm neoverse_n2_firmware -
intel celeron_n n2807
intel xeon_e5 2670
intel xeon x5660
canonical ubuntu_linux 12.04
intel core_i7 7560u
oracle local_service_management_system 13.3
intel core_i7 4500u
intel core_i3 3250t
intel core_i7 2677m
intel celeron_j j1750
intel xeon w3690
intel core_i5 2520m
suse suse_linux_enterprise_software_development_kit 12
intel core_i5 450m
intel xeon_e5_2630l_v3 -
intel core_i3 6300t
intel xeon_e5_1620_v3 -
intel xeon_phi 7210f
intel xeon_e5_2643_v4 -
intel xeon_e7 4809_v4
intel core_m5 6y54
intel celeron_n n4100
intel xeon_e3_1505m_v5 -
intel xeon_e3_1271_v3 -
arm cortex-a76_firmware -
intel core_m 5y31
intel core_i3 3130m
intel xeon_e5_2650_v3 -
intel core_i7 2610ue
intel atom_z z3735f
intel core_i7 660um
intel xeon e5520
intel core_i3 3229y
intel xeon_e3_1270_v6 -
intel xeon_gold 6152
intel xeon_gold 6134m
intel core_i7 4750hq
intel core_i5 4670
intel xeon_e3_1501m_v6 -
intel core_i5 4570r
intel core_i3 2377m
intel atom_c c3538
intel xeon_silver 4116
intel core_i3 4160t
intel core_i5 4210u
siemens simatic_itc1900_firmware *
intel xeon e5620
intel atom_z z2580
intel core_i5 680
intel xeon e5504
intel xeon_e5_2640_v4 -
phoenixcontact vl2_ppc_7000_firmware -
intel atom_c c2718
intel xeon_e5_2630 -
opensuse leap 42.3
intel core_i3 3220
phoenixcontact vl2_ppc_1000_firmware -
intel core_i5 3210m
intel xeon_e5 2650l_v4
intel atom_x7-e3950 -
intel xeon_gold 6130t
intel xeon_e5 2658_v4
oracle local_service_management_system 13.1
intel core_i5 4440s
intel core_i3 6157u
intel core_i5 4200u
intel core_i7 4700ec
intel core_i5 520um
intel core_i5 6500t
intel xeon_e7 8894_v4
intel atom_c c2538
intel xeon_e5_2450l -
intel core_i7 2675qm
phoenixcontact bl_bpc_7001_firmware -
intel xeon_e3_1285l_v4 -
intel core_i3 6320
intel xeon_e3_1286l_v3 -
intel atom_c c3950
intel core_i5 560m
intel xeon_e3_1265l_v4 -
intel core_i3 4102e
intel core_i7 4900mq
intel xeon_gold 6138
intel core_i3 4112e
phoenixcontact dl_ppc18.5m_7000_firmware -
intel core_i3 330m
intel xeon_gold 6138t
intel xeon_e5_2420 -
arm cortex-a15_firmware -
intel core_i3 2348m
intel core_i7 860s
intel xeon_e5_2643 -
intel xeon_e7 4807
intel core_i5 5287u
intel core_i5 6300u
intel core_i5 2515e
intel xeon_e5_2637 -
intel core_i7 940
intel xeon_e3_1245 -
phoenixcontact vl2_bpc_3000_firmware -
intel atom_z z3770d
arm cortex-x1_firmware -
intel xeon l5520
intel atom_x3 c3295rk
intel xeon_e5_2408l_v3 -
intel core_i3 2125
intel core_i5 3550s
intel xeon_e5 2660_v2
phoenixcontact vl_ppc_3000_firmware -
intel xeon_gold 6150
intel xeon_e3_1260l -
intel core_i7 4700mq
intel core_i5 3330
intel core_i7 680um
intel core_i5 6585r
intel core_i7 660lm
intel core_i7 4550u
intel core_i7 2820qm
intel xeon_e7 2870
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
intel xeon_platinum 8160t
intel xeon_gold 6128
intel core_i3 4340te
intel core_i7 4650u
intel xeon_e7 4820_v4
intel xeon e7530
intel core_i3 6100te
intel xeon_e5_2650l_v3 -
intel atom_z z3736f
intel xeon_phi 7230
intel core_i3 4370
intel core_i3 4330te
intel xeon_e5 2687w_v4
intel core_i7 2637m
phoenixcontact bl_ppc_7000_firmware -
intel core_i7 3517u
intel core_i5 670
intel xeon_e3_1220_v2 -
intel core_i3 330e
intel core_i5 6267u
intel core_i7 870s
intel core_i7 7700
intel core_i7 2629m
siemens simatic_itc1500_firmware *
suse suse_linux_enterprise_software_development_kit 11
intel xeon_gold 6132
intel core_i7 2715qe
intel xeon_e5 2680_v2
intel xeon_e5_1630_v4 -
intel core_i3 2365m
intel core_i7 3740qm
intel xeon_e3_1240l_v5 -
intel xeon_e3_1285_v3 -
intel xeon_e5_2650 -
intel xeon_e7 4830_v4
intel core_i5 4460s
intel core_i3 2330e
intel core_i7 4960hq
intel xeon_e3_1270_v2 -
phoenixcontact vl_bpc_2000_firmware -
intel core_i5 4340m
intel core_i5 2400s
intel core_i7 4710mq
intel xeon_e3_1276_v3 -
intel xeon_gold 6154
intel core_i3 530
intel xeon_e3 1535m_v5
intel core_i5 2557m
intel xeon_e5 4628l_v4
siemens simatic_winac_rtx_(f)_2010_firmware *
intel core_i3 4370t
intel xeon_e3_1268l_v3 -
intel core_i7 3635qm
intel atom_c c2508
intel xeon_e5 2695_v2
vmware fusion *
intel core_i7 660ue
intel atom_x3 c3235rk
intel xeon w3670
intel xeon_e5_2640 -
intel core_i3 3110m
intel core_i7 860
intel core_i5 4690t
intel xeon_e7 4820
intel core_i7 2655le
intel xeon e5606
intel core_i5 3360m
intel core_i7 4710hq
intel xeon_e3_1270 -
intel xeon ec5539
netapp solidfire -
intel core_i3 3250
intel celeron_n n2820
intel core_i7 4980hq
intel xeon_platinum 8176
intel xeon_e3_1230l_v3 -
intel xeon_e5 2680_v3
intel core_i7 4712hq
intel core_i7 975
intel core_i7 4702ec
intel xeon_bronze_3104 -
arm cortex-a78_firmware -
intel xeon_gold 6146
intel core_i3 4170t
intel xeon_e3_1268l_v5 -
intel core_i7 2600
intel xeon_e3_1280 -
phoenixcontact el_ppc_1000/wt_firmware -
intel xeon_e5_2628l_v2 -
suse suse_linux_enterprise_server 11
intel core_i5 2540m
intel core_i7 7820hq
intel xeon_e3_1245_v5 -
intel xeon_e5 4620_v2
intel xeon_e5_1650_v2 -
intel xeon_platinum 8153
intel xeon_e7 8890_v3
intel core_i7 620m
intel xeon_e5 2680
intel xeon_e5_1660_v4 -
intel core_i3 4150t
intel core_i3 2120
arm cortex-a73_firmware -
intel atom_c c2316
phoenixcontact vl2_ppc12_1000_firmware -
intel core_i5 3470s
intel xeon lc5528
intel xeon_e3_12201 -
intel xeon_e5 2699a_v4
intel xeon_silver 4109t
intel core_i5 5675r
intel core_i3 2102
phoenixcontact el_ppc_1000/m_firmware -
intel core_i3 2120t
intel xeon_e5_2418l_v3 -
intel xeon_e3 1585l_v5
intel xeon_e5 4640_v3
intel atom_x3 c3130
intel core_i5 4570s
intel core_i5 5350h
intel xeon_e5_2407 -
intel core_i5 3337u
intel xeon_e5_2440_v2 -
intel core_i5 4690k
intel xeon_e7 8891_v4
phoenixcontact el_ppc_1000_firmware -
intel xeon_gold 6126
intel xeon_e3_1275_v6 -
intel celeron_n n4000
intel xeon_platinum 8160m
intel xeon_e3_1220_v3 -
intel atom_c c3850
phoenixcontact bl_ppc_1000_firmware -
intel core_i7 2617m
intel core_i7 4510u
intel core_i5 6402p
phoenixcontact vl_ipc_p7000_firmware -
intel xeon_e5_2630_v3 -
intel xeon_e5 2687w_v3
intel atom_z z2420
intel core_i5 8600k
intel xeon_e3_1285l_v3 -
intel xeon_platinum 8158
intel xeon_gold 6140m
intel xeon_e3_1240_v3 -
intel core_i5 460m
intel atom_c c2350
intel core_i5 3339y
intel xeon_e5 2699_v4
intel core_i3 5015u
intel core_i7 2635qm
intel core_i3 380m
intel xeon_e7 2820
intel celeron_n n2920
intel xeon_e5_2603_v2 -
intel xeon e5630
intel core_i5 6350hq
intel core_i7 4610m
intel atom_x3 c3405
intel xeon_e5 4650
intel xeon_e5_2640_v2 -
intel xeon_e7 8891_v3
intel xeon x5677
intel core_i7 4790t
intel xeon_gold 6142
intel xeon_gold 5122
intel xeon_e3_1220l_v3 -
intel xeon_phi 7235
intel xeon_e5_2428l -
phoenixcontact bl2_bpc_7000_firmware -
intel xeon_gold 5119t
intel core_i7 4860hq
intel atom_z z3570
intel celeron_n n2930
intel xeon_platinum 8160f
intel xeon_e5 4640
intel core_i3 4340
intel core_i7 7567u
intel xeon_e5 2658_v3
intel xeon_e7 8893_v2
intel core_i5 3320m
intel xeon_e5_2430 -
intel core_i7 4558u
intel core_i7 7700k
intel xeon_e7 4809_v2
intel core_i7 7660u
synology vs960hd_firmware -
intel atom_z z3745d
intel core_i3 4012y
intel core_i5 430um
intel celeron_n n2806
intel core_i3 2312m
intel xeon_e5 4617
intel core_i5 4430
intel xeon_e3_1225_v5 -
intel core_i7 620um
intel xeon_e3_1505l_v5 -
intel core_i3 540
intel core_i7 950
intel core_i5 4422e
intel xeon_e7 8870_v2
intel xeon_e7 8870_v3
intel core_i5 6442eq
intel core_i7 2700k
intel xeon x3480
phoenixcontact dl_ppc21.5m_7000_firmware -
intel celeron_j j1800
intel xeon_gold 6126f
intel core_i7 7600u
intel xeon_e5_2609 -
intel xeon_gold 6126t
intel core_m3 7y32
intel xeon_e5_1620 -
intel atom_z z2760
intel xeon_e5 2667_v2
intel xeon_e5_2407_v2 -
intel core_i7 2670qm
intel xeon_e5_1428l -
intel xeon_e7 2803
intel core_i5 8400
intel xeon_e7 8891_v2
intel core_i5 2300
oracle solaris 11.3
intel core_i7 980x
intel xeon_e5_2403_v2 -
intel core_i5 4410e
intel xeon_e7 2860
intel core_i7 2600k
intel xeon_e3_1245_v2 -
intel xeon x5672
intel xeon_e7 4890_v2
intel xeon_e5_2628l_v3 -
vmware esxi 6.0
intel core_i7 4600m
intel atom_c c2518
intel core_i5 4200y
intel core_i7 2657m
intel atom_z z2480
intel core_i5 3340m
intel core_i3 550
intel atom_x3 c3200rk
intel core_i7 3615qe
intel xeon e7540
intel core_m 5y10
intel atom_x3 c3445
intel xeon_bronze_3106 -
intel core_i3 6100t
intel core_i7 970
intel atom_x3 c3230rk
intel xeon_e7 2850_v2
CVE-2017-9552 LOW

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-287,

Products Affected

Vendor Product Version
synology photo_station 6.0-2639
synology photo_station 6.5.3-3226
synology photo_station 6.0-2640
synology photo_station 6.0-2638
synology photo_station 6.5.0-3218
synology photo_station 6.6.1-3345
synology photo_station 6.3-2960
synology photo_station 6.3-2964
synology photo_station 6.3-2963
synology photo_station 6.6.2-3346
synology photo_station 6.7.1-3419
synology photo_station 6.3-2962
synology photo_station 6.3-2944
synology photo_station 6.7.0-3414
synology photo_station 6.3-2965
synology photo_station 6.4-3166
synology photo_station 6.0-2636
synology photo_station 6.6.3-3347
synology photo_station 6.0-2528
synology photo_station 6.3-2958
synology photo_station 6.5.1-3223
synology photo_station 6.5.2-3225
synology photo_station 6.6.1-3346
synology photo_station 6.6.0-3339
CVE-2017-9553 MEDIUM

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-9554 MEDIUM

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2017-9555 LOW

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2017-9556 LOW

Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology video_station *
CVE-2018-1160 HIGH

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,CWE-787,

Products Affected

Vendor Product Version
netatalk netatalk *
synology router_manager *
synology diskstation_manager *
synology vs960hd_firmware -
debian debian_linux 9.0
synology skynas -
CVE-2018-13280 MEDIUM

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-13281 MEDIUM

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager 6.0
synology vs960hd -
synology diskstation_manager *
synology diskstation_manager 5.2
synology skynas -
CVE-2018-13282 MEDIUM

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,CWE-384,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2018-13283 MEDIUM

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-671,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology ssl_vpn_client *
CVE-2018-13284 HIGH

Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-13285 HIGH

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-13286 MEDIUM

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-13287 MEDIUM

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-13288 MEDIUM

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology file_station *
CVE-2018-13289 MEDIUM

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-13290 MEDIUM

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-13291 MEDIUM

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-13292 MEDIUM

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-13293 LOW

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-13294 MEDIUM

Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology application_service *
CVE-2018-13295 MEDIUM

Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology application_service *
CVE-2018-13296 MEDIUM

Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
synology mailplus_server *
CVE-2018-13297 MEDIUM

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology drive_server *
CVE-2018-13298 MEDIUM

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology moments *
CVE-2018-13299 MEDIUM

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
synology calendar *
CVE-2018-7170 LOW

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology router_manager *
synology vs960hd_firmware *
synology skynas *
synology diskstation_manager *
netapp hci -
ntp ntp *
ntp ntp 4.2.8
hpe hpux-ntp *
synology virtual_diskstation_manager *
netapp solidfire -
CVE-2018-7184 MEDIUM

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology diskstation_manager 6.1
synology diskstation_manager 6.0
slackware slackware_linux 14.2
synology router_manager 1.1
synology diskstation_manager 5.2
canonical ubuntu_linux 17.10
netapp steelstore_cloud_integrated_storage -
synology vs960hd_firmware -
canonical ubuntu_linux 18.04
synology skynas -
slackware slackware_linux 14.1
synology virtual_diskstation_manager -
canonical ubuntu_linux 16.04
netapp cloud_backup -
ntp ntp 4.2.8
slackware slackware_linux 14.0
canonical ubuntu_linux 14.04
CVE-2018-7185 MEDIUM

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
oracle fujitsu_m10-1_firmware *
synology skynas *
synology diskstation_manager *
netapp hci -
hpe hpux-ntp *
canonical ubuntu_linux 17.10
oracle fujitsu_m10-4s_firmware *
oracle fujitsu_m12-1_firmware *
netapp solidfire -
canonical ubuntu_linux 18.04
oracle fujitsu_m10-4_firmware *
oracle fujitsu_m12-2s_firmware *
synology router_manager *
oracle fujitsu_m12-2_firmware *
synology vs960hd_firmware *
canonical ubuntu_linux 16.04
ntp ntp *
ntp ntp 4.2.8
synology virtual_diskstation_manager *
canonical ubuntu_linux 14.04
CVE-2018-8897 HIGH

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
synology diskstation_manager 6.1
synology diskstation_manager 6.0
citrix xenserver 7.3
citrix xenserver 7.0
citrix xenserver 6.2.0
citrix xenserver 6.5
redhat enterprise_linux_server 7.0
synology skynas -
canonical ubuntu_linux 16.04
citrix xenserver 7.1
debian debian_linux 9.0
canonical ubuntu_linux 14.04
apple mac_os_x *
synology diskstation_manager 5.2
canonical ubuntu_linux 17.10
freebsd freebsd *
citrix xenserver 7.4
redhat enterprise_virtualization_manager 3.0
xen xen -
debian debian_linux 7.0
citrix xenserver 7.2
debian debian_linux 8.0
citrix xenserver 6.0.2
redhat enterprise_linux_workstation 7.0
CVE-2018-8910 LOW

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology drive_server *
CVE-2018-8911 LOW

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology note_station *
CVE-2018-8912 LOW

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology note_station *
CVE-2018-8913 MEDIUM

Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-756,CWE-601,

Products Affected

Vendor Product Version
synology web_station *
CVE-2018-8914 HIGH

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology media_server *
CVE-2018-8915 LOW

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology calendar *
CVE-2018-8916 MEDIUM

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-620,CWE-640,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-8917 LOW

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-8918 LOW

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2018-8919 MEDIUM

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-8920 MEDIUM

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,CWE-116,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2018-8921 LOW

Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology drive_server *
CVE-2018-8922 MEDIUM

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology drive_server 1.0.2-10275
CVE-2018-8923 LOW

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology file_station *
CVE-2018-8924 LOW

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology office *
CVE-2018-8925 MEDIUM

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2018-8926 MEDIUM

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-625,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2018-8927 MEDIUM

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
synology calendar *
CVE-2018-8928 LOW

Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology carddav_server *
CVE-2018-8929 MEDIUM

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-417,

Products Affected

Vendor Product Version
synology ssl_vpn_client *
CVE-2019-11820 LOW

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
synology calendar *
CVE-2019-11821 HIGH

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2019-11822 MEDIUM

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2019-11823 MEDIUM

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2019-11825 LOW

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology calendar *
CVE-2019-11826 MEDIUM

Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
synology moments *
CVE-2019-11827 LOW

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology note_station *
CVE-2019-11828 LOW

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology office *
CVE-2019-11829 HIGH

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
synology calendar *
CVE-2019-14907 LOW

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 30
samba samba *
redhat enterprise_linux 7.0
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
redhat enterprise_linux 8.0
synology router_manager 1.2
canonical ubuntu_linux 18.04
synology skynas -
synology directory_server -
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
redhat storage 3.0
debian debian_linux 9.0
fedoraproject fedora 31
CVE-2019-19344 MEDIUM

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
samba samba *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
opensuse leap 15.1
synology router_manager 1.2
canonical ubuntu_linux 18.04
synology skynas -
synology directory_server -
CVE-2019-3870 LOW

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
synology diskstation_manager 6.1
fedoraproject fedora 30
synology vs960hd_firmware *
samba samba *
synology diskstation_manager 5.2
synology diskstation_manager 6.2
fedoraproject fedora 29
synology skynas_firmware -
synology router_manager 1.2
synology directory_server -
CVE-2019-9494 MEDIUM

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-208,CWE-524,CWE-203,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
synology radius_server 3.0
opensuse backports_sle 15.0
synology router_manager *
fedoraproject fedora 30
w1.fi hostapd *
w1.fi wpa_supplicant *
fedoraproject fedora 28
fedoraproject fedora 29
opensuse leap 15.1
freebsd freebsd 11.2
CVE-2019-9495 MEDIUM

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-524,CWE-203,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
synology radius_server 3.0
opensuse backports_sle 15.0
fedoraproject fedora 30
w1.fi hostapd *
fedoraproject fedora 28
opensuse leap 15.1
synology router_manager *
w1.fi wpa_supplicant *
fedoraproject fedora 29
debian debian_linux 8.0
freebsd freebsd 11.2
CVE-2019-9498 MEDIUM

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-287,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
synology radius_server 3.0
opensuse backports_sle 15.0
fedoraproject fedora 30
w1.fi hostapd *
fedoraproject fedora 28
freebsd freebsd *
opensuse leap 15.1
synology router_manager 1.2
w1.fi wpa_supplicant *
fedoraproject fedora 29
debian debian_linux 8.0
freebsd freebsd 11.2
CVE-2019-9499 MEDIUM

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-287,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
synology radius_server 3.0
opensuse backports_sle 15.0
fedoraproject fedora 30
w1.fi hostapd *
fedoraproject fedora 28
freebsd freebsd *
opensuse leap 15.1
synology router_manager 1.2
w1.fi wpa_supplicant *
fedoraproject fedora 29
debian debian_linux 8.0
freebsd freebsd 11.2
CVE-2019-9501 HIGH

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cret@cert.org 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
broadcom bcm4339_firmware -
synology router_manager 1.2
CVE-2019-9502 HIGH

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cret@cert.org 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
broadcom bcm4339_firmware -
synology router_manager 1.2
CVE-2019-9511 HIGH

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
apache traffic_server *
synology skynas -
nodejs node.js *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
oracle enterprise_communications_broker 3.2.0
debian debian_linux 9.0
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
oracle enterprise_communications_broker 3.1.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
f5 nginx *
fedoraproject fedora 29
CVE-2019-9513 HIGH

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,NVD-CWE-Other,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
apache traffic_server *
synology skynas -
nodejs node.js *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
oracle enterprise_communications_broker 3.2.0
debian debian_linux 9.0
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
oracle enterprise_communications_broker 3.1.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
f5 nginx *
fedoraproject fedora 29
CVE-2019-9514 HIGH

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
netapp trident -
synology vs960hd_firmware -
redhat enterprise_linux_server 7.0
opensuse leap 15.1
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.1
apache traffic_server *
synology skynas -
nodejs node.js *
f5 big-ip_local_traffic_manager *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
redhat openshift_container_platform 4.2
redhat openshift_container_platform 3.11
debian debian_linux 9.0
redhat openshift_container_platform 3.10
redhat openstack 14
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat single_sign-on 7.3
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
redhat openshift_container_platform 3.9
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
netapp cloud_insights -
redhat developer_tools 1.0
fedoraproject fedora 29
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 8.1
CVE-2019-9515 HIGH

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.1
apache traffic_server *
synology skynas -
nodejs node.js *
f5 big-ip_local_traffic_manager *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
debian debian_linux 9.0
redhat openstack 14
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat single_sign-on 7.3
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
fedoraproject fedora 29
CVE-2019-9516 MEDIUM

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
apache traffic_server *
synology skynas -
nodejs node.js *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
debian debian_linux 9.0
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
f5 nginx *
fedoraproject fedora 29
fedoraproject fedora 32
CVE-2019-9517 HIGH

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
oracle communications_element_manager 8.1.0
oracle retail_xstore_point_of_service 7.1
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
apache traffic_server *
synology skynas -
nodejs node.js *
oracle communications_element_manager 8.1.1
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
oracle communications_element_manager 8.0.0
redhat software_collections 1.0
debian debian_linux 9.0
mcafee web_gateway *
netapp clustered_data_ontap -
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
apache http_server *
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
fedoraproject fedora 29
oracle communications_element_manager 8.2.0
CVE-2019-9518 HIGH

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
apple swiftnio *
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_core_services 1.0
synology vs960hd_firmware -
opensuse leap 15.1
redhat enterprise_linux 8.0
apache traffic_server *
synology skynas -
nodejs node.js *
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
redhat software_collections 1.0
debian debian_linux 9.0
mcafee web_gateway *
oracle graalvm 19.2.0
fedoraproject fedora 30
debian debian_linux 10.0
redhat openshift_service_mesh 1.0
synology diskstation_manager 6.2
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
redhat quay 3.0.0
opensuse leap 15.0
fedoraproject fedora 29
CVE-2020-1472 HIGH

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
opensuse leap 15.1
microsoft windows_server_2016 2004
synology directory_server *
canonical ubuntu_linux 16.04
microsoft windows_server_1903 *
debian debian_linux 9.0
canonical ubuntu_linux 14.04
microsoft windows_server_2004 -
microsoft windows_server_1909 *
samba samba *
microsoft windows_server_2012 r2
opensuse leap 15.2
microsoft windows_server_2016 1909
canonical ubuntu_linux 18.04
microsoft windows_server_2016 -
microsoft windows_server_2019 -
microsoft windows_server_20h2 -
microsoft windows_server_2008 r2
fedoraproject fedora 33
microsoft windows_server_2016 1903
canonical ubuntu_linux 20.04
fedoraproject fedora 31
fedoraproject fedora 32
microsoft windows_server_2012 -
CVE-2020-27648 MEDIUM

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology skynas_firmware *
CVE-2020-27649 MEDIUM

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27650 MEDIUM

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L 1.6 3.7
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-614,CWE-311,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology skynas_firmware *
CVE-2020-27651 MEDIUM

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L 1.6 3.7
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-614,CWE-311,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27652 MEDIUM

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology skynas_firmware *
CVE-2020-27653 MEDIUM

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
synology router_manager *
synology diskstation_manager 6.2.3_25426
CVE-2020-27654 HIGH

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27655 HIGH

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27656 MEDIUM

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2020-27657 MEDIUM

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27658 MEDIUM

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1004,CWE-732,

Products Affected

Vendor Product Version
synology router_manager *
CVE-2020-27659 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
synology safeaccess *
CVE-2020-27660 HIGH

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@synology.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology safeaccess *
CVE-2020-8621 MEDIUM

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
synology dns_server *
isc bind *
canonical ubuntu_linux 16.04
netapp steelstore_cloud_integrated_storage -
canonical ubuntu_linux 20.04
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu_linux 18.04
CVE-2020-8622 MEDIUM

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
isc bind *
isc bind 9.9.3
debian debian_linux 10.0
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu_linux 18.04
oracle communications_diameter_signaling_router *
synology dns_server *
isc bind 9.11.21
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
debian debian_linux 9.0
fedoraproject fedora 31
fedoraproject fedora 32
canonical ubuntu_linux 14.04
CVE-2020-8623 MEDIUM

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind *
debian debian_linux 10.0
isc bind 9.10.5
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu_linux 18.04
synology dns_server *
isc bind 9.11.21
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
debian debian_linux 9.0
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2021-26560 MEDIUM

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26561 MEDIUM

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
security@synology.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26562 MEDIUM

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26563 MEDIUM

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security@synology.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26564 MEDIUM

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 2.2 5.8
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26565 MEDIUM

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26566 MEDIUM

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-201,CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26567 MEDIUM

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
synology diskstation_manager_unified_controller 3.0
faad2_project faad2 *
synology diskstation_manager *
synology vs960hd_firmware -
synology skynas_firmware -
CVE-2021-26569 MEDIUM

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-366,CWE-362,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-27646 HIGH

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-27647 HIGH

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-27648 MEDIUM

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-610,CWE-610,

Products Affected

Vendor Product Version
synology antivirus_essential *
CVE-2021-27649 HIGH

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2021-29083 HIGH

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-29084 MEDIUM

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2021-29085 MEDIUM

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2021-29086 MEDIUM

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2021-29087 MEDIUM

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2021-29088 MEDIUM

Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-29089 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2021-29090 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2021-29091 MEDIUM

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 3.1 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2021-29092 MEDIUM

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2021-31439 MEDIUM

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
netatalk netatalk *
synology diskstation_manager *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2021-3156 HIGH

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,CWE-193,

Products Affected

Vendor Product Version
netapp oncommand_unified_manager_core_package -
netapp hci_management_node -
netapp ontap_tools 9
netapp ontap_select_deploy_administration_utility -
beyondtrust privilege_management_for_unix/linux *
oracle tekelec_platform_distribution *
oracle communications_performance_intelligence_center *
mcafee web_gateway 8.2.17
synology vs960hd_firmware -
mcafee web_gateway 10.0.4
mcafee web_gateway 9.2.8
sudo_project sudo *
synology diskstation_manager_unified_controller 3.0
beyondtrust privilege_management_for_mac *
oracle micros_kitchen_display_system_firmware 210
netapp cloud_backup -
debian debian_linux 9.0
synology skynas_firmware -
oracle micros_workstation_5a_firmware 5a
oracle micros_compact_workstation_3_firmware 310
debian debian_linux 10.0
oracle micros_workstation_6_firmware *
synology diskstation_manager 6.2
sudo_project sudo 1.9.5
netapp solidfire -
netapp active_iq_unified_manager -
fedoraproject fedora 33
oracle micros_es400_firmware *
fedoraproject fedora 32
CVE-2021-33180 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@synology.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
synology media_server *
CVE-2021-33181 MEDIUM

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 2.3 3.7
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
synology video_station *
CVE-2021-33182 MEDIUM

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@synology.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-33183 LOW

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8
security@synology.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
synology docker *
CVE-2021-33184 MEDIUM

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0
security@synology.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
synology download_station *
CVE-2021-34808 MEDIUM

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security@synology.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
synology media_server *
CVE-2021-34809 MEDIUM

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
synology download_station *
CVE-2021-34810 MEDIUM

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
synology download_station *
CVE-2021-34811 MEDIUM

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
synology download_station *
CVE-2021-34812 MEDIUM

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
synology calendar *
CVE-2021-43925 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@synology.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-43926 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-43927 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-43928 MEDIUM

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
synology mail_station *
CVE-2021-43929 MEDIUM

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-79,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2021-44142 HIGH

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_resilient_storage 7.0
fedoraproject fedora 35
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat codeready_linux_builder -
redhat enterprise_linux_server 7.0
redhat enterprise_linux 8.0
redhat virtualization_host 4.0
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_aus 8.2
redhat gluster_storage 3.5
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
canonical ubuntu_linux 21.10
redhat enterprise_linux_server_aus 8.4
canonical ubuntu_linux 14.04
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
debian debian_linux 11.0
redhat enterprise_linux_server 8.1
samba samba *
redhat enterprise_linux_eus 8.2
synology diskstation_manager *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian 7.0
debian debian_linux 10.0
redhat enterprise_linux 7.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_power_big_endian 7.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_power_little_endian_eus 8.4
fedoraproject fedora 34
redhat enterprise_linux_for_scientific_computing 7.0
canonical ubuntu_linux 20.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2022-22679 MEDIUM

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-22680 MEDIUM

Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-22681 MEDIUM

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
synology photo_station *
CVE-2022-22682 LOW

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
synology calendar *
CVE-2022-22683

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology media_server *
CVE-2022-22684

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-22685

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
security@synology.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H 2.3 5.8

Products Affected

Vendor Product Version
synology webdav_server *
CVE-2022-22686

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
synology calendar *
CVE-2022-22687 HIGH

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2022-22688 MEDIUM

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27610

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27611

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology audio_station *
CVE-2022-27612

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.

Products Affected

Vendor Product Version
synology audio_station *
CVE-2022-27613

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
synology carddav_server *
CVE-2022-27614

Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology media_server *
CVE-2022-27615

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
synology dns_server *
CVE-2022-27616

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27617

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology calendar *
CVE-2022-27618

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2
security@synology.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N 2.3 4.0

Products Affected

Vendor Product Version
synology storage_analyzer *
CVE-2022-27619

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
security@synology.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 2.2 4.0

Products Affected

Vendor Product Version
synology note_station *
CVE-2022-27620

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
synology sso_server *
CVE-2022-27621

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5
security@synology.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
synology usb_copy *
CVE-2022-27622

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@synology.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N 2.3 1.4

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27623

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
security@synology.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27624

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27625

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-27626

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-3576

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2022-43748

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology presto_file_server *
CVE-2022-43749

Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
synology presto_file_server *
CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Products Affected

Vendor Product Version
synology vpn_plus_server *
CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-0077

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-0142

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

Products Affected

Vendor Product Version
synology router_manager *
synology diskstation_manager *
synology router_manager 1.3.1-9346
synology diskstation_manager_unified_controller 3.1
CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
synology router_manager *
synology diskstation_manager *
synology router_manager 1.3.1-9346
synology diskstation_manager_unified_controller 3.1
CVE-2023-32955

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-32956

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-41738

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-41740

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-41741

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology router_manager *
CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2023-47803

A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2023-52943

Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2023-52944

Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2023-52947

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2023-52948

Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6
security@synology.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2023-52949

Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security@synology.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2023-52950

Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.6 3.6
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2023-5748

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security@synology.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
synology ssl_vpn_client *
CVE-2024-0854

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N 2.3 1.4
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology beestation_os 1.1
synology beestation_os 1.0.1
synology beestation_os 1.0.2
synology diskstation_manager *
synology beestation_os 1.0
CVE-2024-10442

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
syncology replication_service *
synology unified_controller *
synology replication_service *
CVE-2024-10443

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology photos *
synology beephotos *
CVE-2024-10444

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology beestation_os 1.1
synology beestation_os 1.0.1
synology beestation_os 1.0.2
synology diskstation_manager *
synology beestation_os 1.0
CVE-2024-11131

A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
synology cc400w_firmware *
CVE-2024-11398

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-29227

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29228

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29229

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29230

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29231

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29232

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29233

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29234

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29235

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29236

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29237

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29238

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29239

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
synology surveillance_station *
CVE-2024-39347

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
synology router_manager 1.2.5-8227
CVE-2024-39348

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
synology router_manager 1.2.5-8227
CVE-2024-39349

A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2024-39350

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2024-39352

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2024-4464

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology media_server *
CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2024-47264

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2024-47265

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2024-47266

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
synology active_backup_for_business_agent *
CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
synology beestation_os 1.1
synology beestation_os 1.0.1
synology beestation_os 1.0.2
synology diskstation_manager *
synology beestation_os 1.0
CVE-2024-50630

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology drive_server *
CVE-2024-50631

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology drive_server *
CVE-2024-53279

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53280

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53281

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53282

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53283

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53284

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53285

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53286

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53287

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-53288

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology diskstation_manager *
synology diskstation_manager_unified_controller *
CVE-2024-5463

A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
synology tc500_firmware *
synology bc500_firmware *
CVE-2025-1021

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology diskstation_manager *
CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
synology mail_server *
CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2025-29845

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2025-29846

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
synology router_manager *
synology router_manager 1.3.1-9346
CVE-2025-4679

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security@synology.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
synology active_backup_for_microsoft_365 -
CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
synology beedrive *
CVE-2025-54159

Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
synology beedrive *
CVE-2025-54160

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
synology beedrive *
CVE-2025-8074

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H 1.3 4.2

Products Affected

Vendor Product Version
synology beedrive *
CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@synology.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
synology presto_client *