synology vulnerabilities and exploits
4.3
CVSSv3
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) prior to 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
Synology Skynas -
Synology Vs960hd -
Synology Diskstation Manager
Synology Diskstation Manager 5.2
Synology Diskstation Manager 6.0
4.3
CVSSv2
CVE-2010-2453
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote malicious users to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FT...
Synology Dsm 2.2-0942
Synology Dsm 2.2-1041
Synology Dsm 2.2-1042
Synology Dsm 2.2-1045
Synology Dsm 2.3-1139
Synology Dsm 2.3-1141
Synology Dsm 2.3-1144
Synology Dsm 2.3-1157
Synology Dsm 2.3-1161
Synology Dsm 3.0-1334
7.8
CVSSv3
CVE-2017-11156
Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Synology Download Station 3.2-2295
Synology Download Station 3.3-2382
Synology Download Station 3.3-2383
Synology Download Station 3.3-2386
Synology Download Station 3.4-2477
Synology Download Station 3.4-2478
Synology Download Station 3.4-2480
Synology Download Station 3.4-2485
Synology Download Station 3.4-2486
Synology Download Station 3.4-2489
Synology Download Station 3.4-2490
Synology Download Station 3.4-2514
6.5
CVSSv3
CVE-2017-11149
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
Synology Download Station 3.2-2295
Synology Download Station 3.3-2382
Synology Download Station 3.3-2383
Synology Download Station 3.3-2386
Synology Download Station 3.4-2477
Synology Download Station 3.4-2478
Synology Download Station 3.4-2480
Synology Download Station 3.4-2485
Synology Download Station 3.4-2486
Synology Download Station 3.4-2489
Synology Download Station 3.4-2490
Synology Download Station 3.4-2514
2.1
CVSSv2
CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
Synology Dsm 2.2-0942
Synology Dsm 2.2-1041
Synology Dsm 2.2-1042
Synology Dsm 2.2-1045
Synology Dsm 2.3-1139
Synology Dsm 2.3-1141
Synology Dsm 2.3-1144
Synology Dsm 2.3-1157
Synology Dsm 2.3-1161
7.8
CVSSv3
CVE-2017-9552
A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user ...
Synology Photo Station 6.0-2528
Synology Photo Station 6.0-2636
Synology Photo Station 6.0-2638
Synology Photo Station 6.0-2639
Synology Photo Station 6.0-2640
Synology Photo Station 6.3-2944
Synology Photo Station 6.3-2958
Synology Photo Station 6.3-2960
Synology Photo Station 6.3-2962
Synology Photo Station 6.3-2963
Synology Photo Station 6.3-2964
Synology Photo Station 6.3-2965
7.5
CVSSv3
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) prior to 7.2-64561 allows remote malicious users to obtain user credential via unspecified vectors.
Synology Diskstation Manager (dsm)
Synology Unified Controller (dsmuc)
Synology Synology Router Manager (srm)
Synology Diskstation Manager Unified Controller 3.1
Synology Router Manager
Synology Router Manager 1.3.1-9346
Synology Diskstation Manager
8.1
CVSSv3
CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspeci...
Synology Diskstation Manager (dsm)
Synology Unified Controller (dsmuc)
Synology Synology Router Manager (srm)
Synology Diskstation Manager Unified Controller 3.1
Synology Router Manager
Synology Router Manager 1.3.1-9346
Synology Diskstation Manager
5.4
CVSSv3
CVE-2015-9105
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 prior to 1.2-0455, 1.5 prior to 1.5-0772, and 1.6 prior to 1.6-0847 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) file name or (2) collection name of ...
Synology Video Station 1.2-0439
Synology Video Station 1.2-0443
Synology Video Station 1.2-0447
Synology Video Station 1.2-0451
Synology Video Station 1.2-0453
Synology Video Station 1.5-0753
Synology Video Station 1.5-0754
Synology Video Station 1.5-0757
Synology Video Station 1.5-0763
Synology Video Station 1.5-0770
Synology Video Station 1.6-0835
Synology Video Station 1.6-0840
6.8
CVSSv2
CVE-2015-2851
client_chown in the sync client in Synology Cloud Station 1.1-2291 up to and including 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Synology Cloud Station 1.1-2291
Synology Cloud Station 2.0-2291
Synology Cloud Station 2.0-2402
Synology Cloud Station 2.1-2561
Synology Cloud Station 2.1-2570
Synology Cloud Station 2.1-2577
Synology Cloud Station 3.0-3005
Synology Cloud Station 3.0-3103
Synology Cloud Station 3.0-3108
Synology Cloud Station 3.0-3109
Synology Cloud Station 3.0-3111
Synology Cloud Station 3.1-3317