Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
Synology Calendar
NA
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server prior to 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Sso Server
NA
CVE-2022-27621
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy prior to 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
Synology Usb Copy
NA
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via unspecified vectors. The followi...
Synology Diskstation Manager
NA
CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via unspecified vectors. The follow...
Synology Diskstation Manager
NA
CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via u...
Synology Diskstation Manager
4
CVSSv2
CVE-2017-15886
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat prior to 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
Synology Chat
4
CVSSv2
CVE-2017-15891
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar prior to 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Synology Calendar
2.1
CVSSv2
CVE-2019-11820
Information exposure through process environment vulnerability in Synology Calendar prior to 2.3.3-0620 allows local users to obtain credentials via cmdline.
Synology Calendar
3.5
CVSSv2
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »