CVE-2024-4464
- EPSS 0.19%
- Published 18.12.2024 06:15:23
- Last modified 18.12.2024 06:15:23
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
CVE-2022-27614
- EPSS 0.19%
- Published 28.07.2022 07:15:08
- Last modified 14.01.2025 19:29:55
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2022-22683
- EPSS 3.55%
- Published 28.07.2022 07:15:07
- Last modified 14.01.2025 19:29:55
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-34808
- EPSS 0.18%
- Published 18.06.2021 03:15:06
- Last modified 21.11.2024 06:11:14
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-33180
- EPSS 0.34%
- Published 01.06.2021 14:15:10
- Last modified 21.11.2024 06:08:27
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-8914
- EPSS 0.34%
- Published 10.05.2018 13:29:00
- Last modified 21.11.2024 04:14:35
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.