Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
312
VMScore
CVE-2018-8921
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive prior to 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
Synology Drive
356
VMScore
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
605
VMScore
CVE-2018-13298
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments prior to 1.2.3-199 allows man-in-the-middle malicious users to execute arbitrary code via unspecified vectors.
Synology Moments
NA
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) ...
Synology Diskstation Manager
312
VMScore
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar prior to 2.3.0-0615 allows remote malicious users to inject arbitrary web script or HTML via the title parameter.
Synology Calendar
578
VMScore
CVE-2019-11826
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments prior to 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
Synology Moments
312
VMScore
CVE-2019-11828
Cross-site scripting (XSS) vulnerability in Chart in Synology Office prior to 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Office
668
VMScore
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar prior to 2.3.1-0617 allows remote malicious users to execute arbitrary commands via the crafted 'X-Real-IP' header.
Synology Calendar
312
VMScore
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »