Vulmon
synology vulnerabilities and exploits
NA
CVE-2024-29238
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
NA
CVE-2024-29239
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands...
NA
CVE-2024-29240
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
NA
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
NA
CVE-2024-29227
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via uns...
NA
CVE-2024-0854
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) prior to 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2023-5748
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client prior to 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Synology Ssl Vpn Client
NA
CVE-2023-5746
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote malicious users to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions prior to 1.0.5-0185 may be affecte...
Synology Bc500 Firmware
Synology Tc500 Firmware
NA
CVE-2023-41739
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
Synology Router Manager
NA
CVE-2023-41740
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote malicious users to read specific files via unspecified vectors.
Synology Router Manager