Vulmon
synology vulnerabilities and exploits
CVSSv2: 5
CVE-2022-22680
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
CVSSv2: 5
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
NA
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecifi...
Synology Diskstation Manager
NA
CVE-2022-22685
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server prior to 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Webdav Server
CVSSv2: 6.5
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified v...
Synology Diskstation Manager
NA
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station prior to 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Audio Station
NA
CVE-2022-27612
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station prior to 6.5.4-3367 allows remote malicious users to execute arbitrary commands via unspecified vectors.
Synology Audio Station
NA
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server prior to 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
Synology Carddav Server
NA
CVE-2022-27615
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server prior to 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Dns Server