Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess prior to 1.2.3-0234 allows remote malicious users to execute arbitrary SQL commands via the domain parameter.
Synology Safeaccess
1 Github repository
312
VMScore
CVE-2020-27659
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess prior to 1.2.3-0234 allow remote malicious users to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
Synology Safeaccess
1 Github repository
409
VMScore
CVE-2017-11158
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32...
Synology Cloud Station Drive
409
VMScore
CVE-2017-11159
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader prior to 1.4.2-084 on Windows allows local malicious users to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.d...
Synology Photo Station Uploader
409
VMScore
CVE-2017-11160
Multiple untrusted search path vulnerabilities in installer in Synology Assistant prior to 6.1-15163 on Windows allows local malicious users to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwm...
Synology Assistant
356
VMScore
CVE-2017-11148
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat prior to 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
Synology Chat
409
VMScore
CVE-2017-11157
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup prior to 4.2.5-4396 on Windows allow local malicious users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur3...
Synology Cloud Station Backup
445
VMScore
CVE-2021-34812
Use of hard-coded credentials vulnerability in php component in Synology Calendar prior to 2.4.0-0761 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Calendar
NA
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) ...
Synology Diskstation Manager
NA
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server prior to 1.4.3-0534 and 1.4.4-0635 allows remote malicious users to execute arbitrary commands via unspecified vectors.
Synology Vpn Plus Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »