Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-29087
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to write arbitrary files via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
5
CVSSv2
CVE-2021-29084
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary ...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
5
CVSSv2
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary files via u...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
5
CVSSv2
CVE-2018-7184
ntpd in ntp 4.2.8p4 prior to 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote malicious users to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting ...
Ntp Ntp 4.2.8
Synology Skynas -
Synology Router Manager 1.1
Synology Diskstation Manager 6.1
Synology Diskstation Manager 6.0
Synology Virtual Diskstation Manager -
Synology Diskstation Manager 5.2
Synology Vs960hd Firmware -
Slackware Slackware Linux 14.0
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.2
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Netapp Steelstore Cloud Integrated Storage -
Netapp Cloud Backup -
4
CVSSv2
CVE-2019-19344
There is a use-after-free issue in all samba 4.9.x versions prior to 4.9.18, all samba 4.10.x versions prior to 4.10.12 and all samba 4.11.x versions prior to 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Samba Samba
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Synology Skynas -
Synology Diskstation Manager 6.2
Synology Directory Server -
Synology Router Manager 1.2
Opensuse Leap 15.1
4
CVSSv2
CVE-2017-11148
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat prior to 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
Synology Chat
4.6
CVSSv2
CVE-2017-11157
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur3...
Synology Cloud Station Backup
4
CVSSv2
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar prior to 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Synology Calendar
3.5
CVSSv2
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar prior to 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Synology Calendar
NA
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Media Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »