Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-22685
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server prior to 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Webdav Server
NA
CVE-2022-27615
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server prior to 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Dns Server
NA
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Synology Calendar
312
VMScore
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
446
VMScore
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
668
VMScore
CVE-2022-22687
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
580
VMScore
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified v...
Synology Diskstation Manager
802
VMScore
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions before 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow ou...
Samba Samba
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 21.10
Synology Diskstation Manager
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Resilient Storage 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux 8.0
3 Github repositories
1 Article
578
VMScore
CVE-2021-43928
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station prior to 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecif...
Synology Mail Station
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »