Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-43927
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vect...
Synology Diskstation Manager
668
VMScore
CVE-2021-27649
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
668
VMScore
CVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Synology Media Server
668
VMScore
CVE-2021-27646
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via crafted web requests.
Synology Diskstation Manager
668
VMScore
CVE-2021-27647
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via crafted web requests.
Synology Diskstation Manager
668
VMScore
CVE-2020-27654
Improper access control vulnerability in lbd in Synology Router Manager (SRM) prior to 1.2.4-8081 allows remote malicious users to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
Synology Router Manager
668
VMScore
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) prior to 1.2.4-8081 allows remote malicious users to access restricted resources via inbound QuickConnect traffic.
Synology Router Manager
668
VMScore
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar prior to 2.3.1-0617 allows remote malicious users to execute arbitrary commands via the crafted 'X-Real-IP' header.
Synology Calendar
668
VMScore
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
668
VMScore
CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server prior to 1.7.6-2842 and prior to 1.4-2654 allows remote malicious users to execute arbitrary SQL commands via the ObjectID parameter.
Synology Media Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »