Synology vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.0-1502
Synology Office 2.2.1-1506
7.8
CVSSv3
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.5-2973
Synology Download Station 3.5-2970
Synology Download Station 3.5-2968
Synology Download Station 3.5-2967
Synology Download Station 3.4-2489
Synology Download Station 3.4-2486
Synology Download Station 3.4-2485
Synology Download Station 3.4-2480
Synology Download Station 3.4-2478
Synology Download Station 3.8.0-3416
Synology Download Station 3.5-2980
Synology Download Station 3.5-2963
Synology Download Station 3.5-2956
Synology Download Station 3.4-2555
Synology Download Station 3.4-2490
Synology Download Station 3.3-2386
Synology Download Station 3.3-2382
Synology Download Station 3.8.4-3468
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.2-3455
Synology Download Station 3.5-2706
Synology Download Station 3.5-2705
7.8
CVSSv3
CVE-2017-9552
A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user ...
Synology Photo Station 6.0-2636
Synology Photo Station 6.5.2-3225
Synology Photo Station 6.3-2963
Synology Photo Station 6.3-2962
Synology Photo Station 6.0-2640
Synology Photo Station 6.6.2-3346
Synology Photo Station 6.3-2965
Synology Photo Station 6.6.1-3346
Synology Photo Station 6.3-2964
Synology Photo Station 6.5.1-3223
Synology Photo Station 6.5.0-3218
Synology Photo Station 6.3-2944
Synology Photo Station 6.0-2528
Synology Photo Station 6.3-2958
Synology Photo Station 6.0-2638
Synology Photo Station 6.6.1-3345
Synology Photo Station 6.6.0-3339
Synology Photo Station 6.5.3-3226
Synology Photo Station 6.3-2960
Synology Photo Station 6.7.1-3419
Synology Photo Station 6.4-3166
Synology Photo Station 6.0-2639
7.8
CVSSv3
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
7.7
CVSSv3
CVE-2021-33184
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station prior to 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Download Station
7.5
CVSSv3
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Router Manager
7.5
CVSSv3
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) prior to 7.2-64561 allows remote malicious users to obtain user credential via unspecified vectors.
Synology Diskstation Manager Unified Controller 3.1
Synology Diskstation Manager
Synology Router Manager 1.3.1-9346
Synology Router Manager
7.5
CVSSv3
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to read arbitrary files via unspecifie...
Synology Router Manager
7.5
CVSSv3
CVE-2022-43748
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server prior to 2.1.2-1601 allows remote malicious users to write arbitrary files via unspecified vectors.
Synology Presto File Server
7.5
CVSSv3
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) ...
Synology Diskstation Manager