Vulmon
synology vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-15887
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server prior to 6.0.7-0085 allows remote malicious users to obtain user credentials via a brute-force attack.
Synology Carddav Server
5.4
CVSSv3
CVE-2017-15888
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station prior to 6.3.0-3260 allows remote authenticated malicious users to inject arbitrary web script or HTML via the NAME parameter.
Synology Audio Station
8.8
CVSSv3
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) prior to 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field.
Synology Diskstation Manager
4.8
CVSSv3
CVE-2017-15890
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server prior to 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
Synology Mailplus Server
6.5
CVSSv3
CVE-2017-15893
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station prior to 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology File Station
6.5
CVSSv3
CVE-2017-15894
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x prior to 6.0.3-8754-3 and prior to 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology Diskstation Manager
6.5
CVSSv3
CVE-2017-15895
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) prior to 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology Router Manager
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL commands via the type parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
8.1
CVSSv3
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Diskstation Manager