Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-22680
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
7.5
CVSSv3
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
8.8
CVSSv3
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecifi...
Synology Diskstation Manager
8.1
CVSSv3
CVE-2022-22685
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server prior to 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Webdav Server
9.8
CVSSv3
CVE-2023-0077
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to overflow buffers via unspecified vectors.
Synology Router Manager
8.8
CVSSv3
CVE-2016-10322
Synology Photo Station prior to 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
Synology Photo Station
7.8
CVSSv3
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
9.8
CVSSv3
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
Synology Photo Station
7.1
CVSSv3
CVE-2016-10330
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station prior to 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
Synology Photo Station
7.5
CVSSv3
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to read arbitrary files via a full pathname in the id parameter.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »