Vulmon
synology vulnerabilities and exploits
6.4
CVSSv2
CVE-2017-16766
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) prior to 6.1.4-15217 and prior to 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
Synology Diskstation Manager
5.8
CVSSv2
CVE-2021-31439
This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatal...
Synology Diskstation Manager
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netatalk Netatalk
5.8
CVSSv2
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows man-in-the-middle malicious users to spoof servers via an HTTP session.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
5.8
CVSSv2
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows man-in-the-middle malicious users to spoof servers via an HTTP session.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
5.8
CVSSv2
CVE-2018-13283
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client prior to 1.2.5-0226 allows remote malicious users to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
Synology Ssl Vpn Client
5.8
CVSSv2
CVE-2017-16775
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server prior to 2.1.3-0129 allows remote malicious users to conduct clickjacking attacks via unspecified vectors.
Synology Sso Server
5.8
CVSSv2
CVE-2018-8913
Missing custom error page vulnerability in Synology Web Station prior to 2.1.3-0139 allows remote malicious users to conduct phishing attacks via a crafted URL.
Synology Web Station
5.4
CVSSv2
CVE-2014-6868
The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Ds Audio 3.4
5.4
CVSSv2
CVE-2014-6848
The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Ds File 4.1.1
5.4
CVSSv2
CVE-2014-6836
The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Ds Photo+ 3.3