Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-11158
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32...
Synology Cloud Station Drive
7.9
CVSSv3
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker prior to 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Synology Docker
9.8
CVSSv3
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Media Server
8
CVSSv3
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar prior to 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Synology Calendar
6.5
CVSSv3
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
5.5
CVSSv3
CVE-2019-11820
Information exposure through process environment vulnerability in Synology Calendar prior to 2.3.3-0620 allows local users to obtain credentials via cmdline.
Synology Calendar
5.4
CVSSv3
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar prior to 2.3.0-0615 allows remote malicious users to inject arbitrary web script or HTML via the title parameter.
Synology Calendar
5.4
CVSSv3
CVE-2018-8910
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive prior to 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Synology Drive
5.4
CVSSv3
CVE-2018-8915
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar prior to 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Synology Calendar
5.4
CVSSv3
CVE-2018-8921
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive prior to 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
Synology Drive
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »