Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Synology Media Server
4
CVSSv2
CVE-2021-33182
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
Synology Diskstation Manager
4
CVSSv2
CVE-2021-33184
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station prior to 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Download Station
6.5
CVSSv2
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Photo Station
6.5
CVSSv2
CVE-2021-33181
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station prior to 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
Synology Video Station
3.6
CVSSv2
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker prior to 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Synology Docker
5.8
CVSSv2
CVE-2021-31439
This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatal...
Synology Diskstation Manager
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netatalk Netatalk
6.5
CVSSv2
CVE-2021-27648
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential prior to 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
9
CVSSv2
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
Synology Diskstation Manager
7.5
CVSSv2
CVE-2021-27646
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via crafted web requests.
Synology Diskstation Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »