Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
454
VMScore
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
668
VMScore
CVE-2022-22687
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29087
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to write arbitrary files via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29084
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary ...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary files via u...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29086
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
755
VMScore
CVE-2017-11153
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to gain administrator privileges via a crafted serialized payload.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
668
VMScore
CVE-2021-27649
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
578
VMScore
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.0-1502
Synology Office 2.2.1-1506
505
VMScore
CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to obtain sensitive system information via unspecified vectors.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »