Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified v...
Synology Diskstation Manager
6.5
CVSSv2
CVE-2021-43928
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station prior to 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecif...
Synology Mail Station
6.5
CVSSv2
CVE-2021-34809
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station prior to 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Download Station
6.5
CVSSv2
CVE-2021-34810
Improper privilege management vulnerability in cgi component in Synology Download Station prior to 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Download Station
6.5
CVSSv2
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Photo Station
6.5
CVSSv2
CVE-2021-33181
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station prior to 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
Synology Video Station
6.5
CVSSv2
CVE-2021-27648
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential prior to 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
6.5
CVSSv2
CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 prior to 2.2.7.1 allow local malicious users to execute arbitrary code via filename and pathname options.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
Faad2 Project Faad2
6.5
CVSSv2
CVE-2019-11826
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments prior to 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
Synology Moments
6.5
CVSSv2
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
Synology Diskstation Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »