Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-27622
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) prior to 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
Synology Diskstation Manager
9.1
CVSSv3
CVE-2022-27623
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) prior to 7.1-42661 allows remote malicious users to read or write arbitrary files via unspecified vectors.
Synology Diskstation Manager
9.8
CVSSv3
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via unspecified vectors. The followi...
Synology Diskstation Manager
9.8
CVSSv3
CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via unspecified vectors. The follow...
Synology Diskstation Manager
8.1
CVSSv3
CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via u...
Synology Diskstation Manager
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2019-11823
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) prior to 1.2.3-8017-2 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Synology Router Manager
5.4
CVSSv3
CVE-2019-11827
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station prior to 2.5.3-0863 allows remote malicious users to inject arbitrary web script or HTML via the object_id parameter.
Synology Note Station
9.8
CVSSv3
CVE-2021-43925
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vectors.
Synology Diskstation Manager
5.4
CVSSv3
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML...
Synology Diskstation Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »