Vulmon
synology vulnerabilities and exploits
7.9
CVSSv3
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in container volume management component in Synology Docker prior to 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Synology Docker
9.8
CVSSv3
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Media Server
9.8
CVSSv3
CVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess prior to 1.2.3-0234 allows remote malicious users to execute arbitrary SQL commands via the domain parameter.
Synology SafeAccess
1 Github repository
4.3
CVSSv3
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
Synology Calendar
4.9
CVSSv3
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server prior to 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology SSO Server
9.8
CVSSv3
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote malicious users to execute arbitrary commands via unspecified vectors. The followi...
Synology DiskStation Manager
5.4
CVSSv3
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
5.4
CVSSv3
CVE-2018-8924
Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office prior to 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
Synology Office
6.5
CVSSv3
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
5.3
CVSSv3
CVE-2018-13297
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive prior to 1.1.2-10562 allows remote malicious users to obtain sensitive system information via the dsm_path parameter.
Synology Drive