Synology vulnerabilities and exploits
6.5
CVSSv2
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search prior to 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
Synology Universal Search
6.5
CVSSv2
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Synology Photo Station
6.5
CVSSv2
CVE-2017-12075
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows remote authenticated users to execute arbitrary commands via the username parameter.
Synology DiskStation Manager
6.5
CVSSv2
CVE-2017-12078
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) prior to 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.
Synology Router Manager
6.5
CVSSv2
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote authenticated users to execute arbitrary code via the prog_id parameter.
Synology Photo Station
6.5
CVSSv2
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) prior to 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field.
Synology DiskStation Manager
6.5
CVSSv2
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.0-1502
Synology Office 2.2.1-1506
6.5
CVSSv2
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.5-2973
Synology Download Station 3.5-2970
Synology Download Station 3.5-2968
Synology Download Station 3.5-2967
Synology Download Station 3.4-2489
Synology Download Station 3.4-2486
Synology Download Station 3.4-2485
Synology Download Station 3.4-2480
Synology Download Station 3.4-2478
Synology Download Station 3.8.0-3416
Synology Download Station 3.5-2980
Synology Download Station 3.5-2963
Synology Download Station 3.5-2956
Synology Download Station 3.4-2555
Synology Download Station 3.4-2490
Synology Download Station 3.3-2386
Synology Download Station 3.3-2382
Synology Download Station 3.8.4-3468
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.2-3455
Synology Download Station 3.5-2706
Synology Download Station 3.5-2705
6.5
CVSSv2
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to create arbitrary PHP scripts via the type parameter.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
6.5
CVSSv2
CVE-2016-10322
Synology Photo Station prior to 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
Synology Photo Station