synology vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-11160
Multiple untrusted search path vulnerabilities in installer in Synology Assistant prior to 6.1-15163 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwm...
Synology Assistant
7.8
CVSSv3
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.0-1502
Synology Office 2.2.1-1506
7.8
CVSSv3
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.5-2973
Synology Download Station 3.5-2970
Synology Download Station 3.5-2968
Synology Download Station 3.5-2967
Synology Download Station 3.4-2489
Synology Download Station 3.4-2486
Synology Download Station 3.4-2485
Synology Download Station 3.4-2480
Synology Download Station 3.4-2478
Synology Download Station 3.8.0-3416
Synology Download Station 3.5-2980
Synology Download Station 3.5-2963
Synology Download Station 3.5-2956
Synology Download Station 3.4-2555
Synology Download Station 3.4-2490
Synology Download Station 3.3-2386
Synology Download Station 3.3-2382
Synology Download Station 3.8.4-3468
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.2-3455
Synology Download Station 3.5-2706
Synology Download Station 3.5-2705
7.8
CVSSv3
CVE-2017-9552
A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user ...
Synology Photo Station 6.0-2636
Synology Photo Station 6.5.2-3225
Synology Photo Station 6.3-2963
Synology Photo Station 6.3-2962
Synology Photo Station 6.0-2640
Synology Photo Station 6.6.2-3346
Synology Photo Station 6.3-2965
Synology Photo Station 6.6.1-3346
Synology Photo Station 6.3-2964
Synology Photo Station 6.5.1-3223
Synology Photo Station 6.5.0-3218
Synology Photo Station 6.3-2944
Synology Photo Station 6.0-2528
Synology Photo Station 6.3-2958
Synology Photo Station 6.0-2638
Synology Photo Station 6.6.1-3345
Synology Photo Station 6.6.0-3339
Synology Photo Station 6.5.3-3226
Synology Photo Station 6.3-2960
Synology Photo Station 6.7.1-3419
Synology Photo Station 6.4-3166
Synology Photo Station 6.0-2639
7.8
CVSSv3
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
7.7
CVSSv3
CVE-2021-33184
Server-side request forgery (SSRF) vulnerability in task management component in Synology Download Station prior to 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Download Station
7.5
CVSSv3
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Router Manager
7.5
CVSSv3
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) prior to 7.2-64561 allows remote malicious users to obtain user credentials via unspecified vectors.
Synology Diskstation Manager Unified Controller 3.1
Synology Diskstation Manager
Synology Router Manager 1.3.1-9346
Synology Router Manager
7.5
CVSSv3
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to read arbitrary files via unspecifie...
Synology Router Manager
7.5
CVSSv3
CVE-2022-43748
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server prior to 2.1.2-1601 allows remote malicious users to write arbitrary files via unspecified vectors.
Synology Presto File Server