Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via u...
Synology Diskstation Manager
5.4
CVSSv3
CVE-2018-8910
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive prior to 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Synology Drive
5.4
CVSSv3
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
5.4
CVSSv3
CVE-2018-8921
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive prior to 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
Synology Drive
10
CVSSv3
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server prior to 1.4.3-0534 and 1.4.4-0635 allows remote malicious users to execute arbitrary commands via unspecified vectors.
Synology Vpn Plus Server
5.4
CVSSv3
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
9.8
CVSSv3
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Media Server
8
CVSSv3
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Synology Calendar
5.4
CVSSv3
CVE-2018-8924
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office prior to 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
Synology Office
6.5
CVSSv3
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »