Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
Synology Diskstation Manager
578
VMScore
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search prior to 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
Synology Universal Search
578
VMScore
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Synology Photo Station
578
VMScore
CVE-2017-12075
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
Synology Diskstation Manager
578
VMScore
CVE-2017-12078
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) prior to 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
Synology Router Manager
578
VMScore
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
Synology Photo Station
578
VMScore
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) prior to 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
Synology Diskstation Manager
578
VMScore
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.1-1506
Synology Office 2.2.0-1502
578
VMScore
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.4-2514
Synology Download Station 3.5-2956
Synology Download Station 3.4-2485
Synology Download Station 3.5-2955
Synology Download Station 3.4-2555
Synology Download Station 3.5-2982
Synology Download Station 3.5-2962
Synology Download Station 3.4-2558
Synology Download Station 3.5-2706
Synology Download Station 3.5-2638
Synology Download Station 3.4-2480
Synology Download Station 3.5-2705
Synology Download Station 3.5-2970
Synology Download Station 3.2-2295
Synology Download Station 3.8.1-3420
Synology Download Station 3.5-2968
Synology Download Station 3.8.4-3468
Synology Download Station 3.8.0-3416
Synology Download Station 3.4-2489
Synology Download Station 3.5-2980
Synology Download Station 3.8.3-3458
Synology Download Station 3.5-2973
578
VMScore
CVE-2016-10322
Synology Photo Station prior to 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
Synology Photo Station
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »