Synology vulnerabilities and exploits
NA
CVE-2010-2453
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote malicious users to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FT...
Synology Dsm 2.3-1144
Synology Dsm 2.3-1157
Synology Dsm 2.3-1161
Synology Dsm 2.2-1042
Synology Dsm 2.2-1045
Synology Dsm 2.3-1139
Synology Dsm 2.3-1141
Synology Dsm 3.0-1334
Synology Dsm 2.2-1041
Synology Dsm 2.2-0942
NA
CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
Synology Dsm 2.2-1045
Synology Dsm 2.3-1139
Synology Dsm 2.3-1141
Synology Dsm 2.3-1144
Synology Dsm 2.3-1157
Synology Dsm 2.3-1161
Synology Dsm 2.2-1041
Synology Dsm 2.2-1042
Synology Dsm 2.2-0942
9.8
CVSSv3
CVE-2016-6554
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions before 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank). A remote network attacker can gain privileged access to a vulnerable device.
Synology Ds107 Firmware
Synology Ds213 Firmware
Synology Ds116 Firmware
7.8
CVSSv3
CVE-2017-9552
A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user ...
Synology Photo Station 6.0-2636
Synology Photo Station 6.5.2-3225
Synology Photo Station 6.3-2963
Synology Photo Station 6.3-2962
Synology Photo Station 6.0-2640
Synology Photo Station 6.6.2-3346
Synology Photo Station 6.3-2965
Synology Photo Station 6.6.1-3346
Synology Photo Station 6.3-2964
Synology Photo Station 6.5.1-3223
Synology Photo Station 6.5.0-3218
Synology Photo Station 6.3-2944
Synology Photo Station 6.0-2528
Synology Photo Station 6.3-2958
Synology Photo Station 6.0-2638
Synology Photo Station 6.6.1-3345
Synology Photo Station 6.6.0-3339
Synology Photo Station 6.5.3-3226
Synology Photo Station 6.3-2960
Synology Photo Station 6.7.1-3419
Synology Photo Station 6.4-3166
Synology Photo Station 6.0-2639
5.4
CVSSv3
CVE-2015-9105
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 prior to 1.2-0455, 1.5 prior to 1.5-0772, and 1.6 prior to 1.6-0847 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) file name or (2) collection name of ...
Synology Video Station 1.6-0844
Synology Video Station 1.6-0840
Synology Video Station 1.5-0770
Synology Video Station 1.2-0439
Synology Video Station 1.2-0443
Synology Video Station 1.5-0763
Synology Video Station 1.5-0757
Synology Video Station 1.5-0754
Synology Video Station 1.5-0753
Synology Video Station 1.2-0453
Synology Video Station 1.6-0841
Synology Video Station 1.6-0835
Synology Video Station 1.2-0447
Synology Video Station 1.2-0451
5.9
CVSSv3
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows man-in-the-middle malicious users to obtain sensitive information via an HTTP session.
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
7.8
CVSSv3
CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 prior to 2.2.7.1 allows local malicious users to execute arbitrary code via filename and pathname options.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
Faad2 Project Faad2
6.1
CVSSv3
CVE-2019-3870
A vulnerability was found in Samba from version (including) 4.9 to versions prior to 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only a...
Samba Samba
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Synology Diskstation Manager 5.2
Synology Diskstation Manager 6.1
Synology Diskstation Manager 6.2
Synology Directory Server -
Synology Router Manager 1.2
Synology Skynas Firmware -
Synology Vs960hd Firmware
5.4
CVSSv3
CVE-2015-9104
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 prior to 5.1-2550 and 5.4 prior to 5.4-2857 allow remote authenticated malicious users to inject arbitrary web script or HTML via the album title.
Synology Audio Station 5.4-2853
Synology Audio Station 5.1-2542
Synology Audio Station 5.1-2541
Synology Audio Station 5.1-2547
Synology Audio Station 5.1-2549
Synology Audio Station 5.4-2855
Synology Audio Station 5.4-2852
9.8
CVSSv3
CVE-2018-1160
Netatalk prior to 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Netatalk Netatalk
Synology Skynas -
Synology Diskstation Manager
Synology Router Manager
Synology Vs960hd Firmware -
Debian Debian Linux 9.0
1 EDB exploit
3 Github repositories