Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station prior to 6.8.7-3481 allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
Synology Photo Station
9
CVSSv2
CVE-2018-13284
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) prior to 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Synology Diskstation Manager
9
CVSSv2
CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) prior to 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Synology Router Manager
4
CVSSv2
CVE-2018-13286
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) prior to 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Synology Diskstation Manager
4
CVSSv2
CVE-2018-13287
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) prior to 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Synology Router Manager
4
CVSSv2
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
3.5
CVSSv2
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
4
CVSSv2
CVE-2017-12074
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server prior to 2.2.1-3042 allows remote authenticated malicious users to write arbitrary files via the domain_name parameter.
Synology Dns Server
6.5
CVSSv2
CVE-2017-12075
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
Synology Diskstation Manager
4
CVSSv2
CVE-2017-12077
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) prior to 1.1.4-6509 allows remote authenticated malicious user to exhaust the memory resources of the machine, causing a denial of service attack.
Synology Router Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »