Vulmon
synology download station vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-34809
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station prior to 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Download Station
8.8
CVSSv3
CVE-2021-34810
Improper privilege management vulnerability in cgi component in Synology Download Station prior to 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Download Station
7.8
CVSSv3
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.5-2973
Synology Download Station 3.5-2970
Synology Download Station 3.5-2968
Synology Download Station 3.5-2967
Synology Download Station 3.4-2489
Synology Download Station 3.4-2486
Synology Download Station 3.4-2485
Synology Download Station 3.4-2480
Synology Download Station 3.4-2478
Synology Download Station 3.8.0-3416
Synology Download Station 3.5-2980
Synology Download Station 3.5-2963
Synology Download Station 3.5-2956
Synology Download Station 3.4-2555
Synology Download Station 3.4-2490
Synology Download Station 3.3-2386
Synology Download Station 3.3-2382
Synology Download Station 3.8.4-3468
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.2-3455
Synology Download Station 3.5-2706
Synology Download Station 3.5-2705
7.7
CVSSv3
CVE-2021-33184
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station prior to 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Download Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-11149
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
Synology Download Station 3.4-2480
Synology Download Station 3.4-2485
Synology Download Station 3.4-2486
Synology Download Station 3.4-2489
Synology Download Station 3.5-2706
Synology Download Station 3.5-2955
Synology Download Station 3.5-2956
Synology Download Station 3.5-2962
Synology Download Station 3.3-2382
Synology Download Station 3.3-2386
Synology Download Station 3.4-2478
Synology Download Station 3.4-2490
Synology Download Station 3.4-2555
Synology Download Station 3.4-2558
Synology Download Station 3.5-2705
Synology Download Station 3.5-2963
Synology Download Station 3.5-2968
Synology Download Station 3.5-2973
Synology Download Station 3.2-2295
Synology Download Station 3.8.2-3455
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.1-3420
4.3
CVSSv3
CVE-2021-34811
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station prior to 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
Synology Download Station
NA
CVE-2015-6909
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station prior to 3.5-2962 allows remote malicious users to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent fi...
Synology Download Station
NA
CVE-2015-6913
Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station prior to 3.5-2967 allows remote malicious users to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman...
Synology Download Station