Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-27618
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer prior to 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Storage Analyzer
5.9
CVSSv3
CVE-2022-27619
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client prior to 2.2.2-609 allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Synology Note Station
4.9
CVSSv3
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server prior to 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Sso Server
7.2
CVSSv3
CVE-2022-27616
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vect...
Synology Diskstation Manager
8.1
CVSSv3
CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station prior to 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Audio Station
8.8
CVSSv3
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server prior to 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
Synology Carddav Server
7.5
CVSSv3
CVE-2022-27614
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Media Server
9.8
CVSSv3
CVE-2022-27612
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station prior to 6.5.4-3367 allows remote malicious users to execute arbitrary commands via unspecified vectors.
Synology Audio Station
8.8
CVSSv3
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecifi...
Synology Diskstation Manager
9.8
CVSSv3
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary code via unspecified vectors.
Synology Media Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »