Synology » Media Server : Security Vulnerabilities, CVEs,
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.12%
Published
2022-07-28
Updated
2022-08-03
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.14%
Published
2022-07-28
Updated
2022-08-03
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
Max CVSS
5.8
EPSS Score
0.13%
Published
2021-06-18
Updated
2021-06-23
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.07%
Published
2021-06-01
Updated
2021-06-09
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
Max CVSS
9.8
EPSS Score
0.07%
Published
2018-05-10
Updated
2019-10-09
5 vulnerabilities found