Synology

Audio Station

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2022-27611

  • EPSS 1.01%
  • Published 28.07.2022 08:15:08
  • Last modified 21.11.2024 06:56:01

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.

9.8

CVE-2022-27612

  • EPSS 1.93%
  • Published 28.07.2022 07:15:07
  • Last modified 21.11.2024 06:56:01

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.

5.4

CVE-2017-15888

  • EPSS 0.23%
  • Published 30.10.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.

5.4

CVE-2015-9104

  • EPSS 0.2%
  • Published 30.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.