Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-13297
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive prior to 1.1.2-10562 allows remote malicious users to obtain sensitive system information via the dsm_path parameter.
Synology Drive
8.1
CVSSv3
CVE-2018-13298
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments prior to 1.2.3-199 allows man-in-the-middle malicious users to execute arbitrary code via unspecified vectors.
Synology Moments
6.5
CVSSv3
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar prior to 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
Synology Calendar
4.8
CVSSv3
CVE-2020-27659
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess prior to 1.2.3-0234 allow remote malicious users to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
Synology Safeaccess
1 Github repository
9.8
CVSSv3
CVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess prior to 1.2.3-0234 allows remote malicious users to execute arbitrary SQL commands via the domain parameter.
Synology Safeaccess
1 Github repository
6.5
CVSSv3
CVE-2017-11148
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat prior to 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
Synology Chat
7.8
CVSSv3
CVE-2017-11157
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur3...
Synology Cloud Station Backup
7.8
CVSSv3
CVE-2017-11158
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32...
Synology Cloud Station Drive
7.8
CVSSv3
CVE-2017-11159
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader prior to 1.4.2-084 on Windows allows local malicious users to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.d...
Synology Photo Station Uploader
7.8
CVSSv3
CVE-2017-11160
Multiple untrusted search path vulnerabilities in installer in Synology Assistant prior to 6.1-15163 on Windows allows local malicious users to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwm...
Synology Assistant
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »