Filtered by vendor Synology
Subscriptions
Filtered by product Media Server
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4464 | 1 Synology | 1 Media Server | 2025-07-12 | 7.5 High |
| Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors. | ||||
| CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | 10 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-27614 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2021-34808 | 1 Synology | 1 Media Server | 2024-11-21 | 5.8 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | ||||
| CVE-2021-33180 | 1 Synology | 1 Media Server | 2024-11-21 | 7.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-8914 | 1 Synology | 1 Media Server | 2024-11-21 | N/A |
| SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. | ||||
Page 1 of 1.