Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29238
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
NA
CVE-2024-29239
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands...
NA
CVE-2024-29240
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
NA
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
NA
CVE-2024-29227
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via uns...
5.4
CVSSv3
CVE-2024-0854
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) prior to 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
Synology Diskstation Manager
5.5
CVSSv3
CVE-2023-5748
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client prior to 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Synology Ssl Vpn Client
9.8
CVSSv3
CVE-2023-5746
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote malicious users to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions prior to 1.0.5-0185 may be affecte...
Synology Bc500 Firmware
Synology Tc500 Firmware
8.8
CVSSv3
CVE-2023-41738
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecif...
Synology Router Manager
7.5
CVSSv3
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Router Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »