Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
454
VMScore
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
445
VMScore
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary files via u...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
655
VMScore
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to create arbitrary PHP scripts via the type parameter.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
755
VMScore
CVE-2017-11151
A vulnerability in synotheme_upload.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to upload arbitrary files without authentication via the logo_upload action.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
445
VMScore
CVE-2021-29084
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary ...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29086
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
445
VMScore
CVE-2021-29087
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to write arbitrary files via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
668
VMScore
CVE-2021-27649
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
578
VMScore
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
Synology Office 2.2.0-1502
Synology Office 2.2.1-1506
505
VMScore
CVE-2017-11152
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to write arbitrary files via the path parameter.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »