← Back

Synology

synology

346 CVEs • 98 products

Products (98)

Click to collapse
Toggle
Diskstation Manager
diskstation_manager
97 CVEs
Router Manager
router_manager
59 CVEs
Photo Station
photo_station
33 CVEs
Surveillance Station
surveillance_station
25 CVEs
Vs960hd Firmware
vs960hd_firmware
22 CVEs
Diskstation Manager Unified Controller
diskstation_manager_unified_controller
20 CVEs
Skynas
skynas
16 CVEs
Skynas Firmware
skynas_firmware
13 CVEs
Calendar
calendar
11 CVEs
Bc500 Firmware
bc500_firmware
9 CVEs
Tc500 Firmware
tc500_firmware
9 CVEs
Active Backup For Business Agent
active_backup_for_business_agent
8 CVEs
Download Station
download_station
8 CVEs
Video Station
video_station
6 CVEs
Drive Server
drive_server
6 CVEs
Media Server
media_server
6 CVEs
Drive Client
drive_client
6 CVEs
Beedrive
beedrive
6 CVEs
Note Station
note_station
5 CVEs
Dns Server
dns_server
5 CVEs
Ssl Vpn Client
ssl_vpn_client
5 CVEs
Audio Station
audio_station
4 CVEs
Directory Server
directory_server
4 CVEs
Radius Server
radius_server
4 CVEs
Beestation Os
beestation_os
4 CVEs
Chat
chat
3 CVEs
Office
office
3 CVEs
Carddav Server
carddav_server
3 CVEs
File Station
file_station
3 CVEs
Mailplus Server
mailplus_server
3 CVEs
Virtual Diskstation Manager
virtual_diskstation_manager
3 CVEs
Dsm
dsm
2 CVEs
Assistant
assistant
2 CVEs
Sso Server
sso_server
2 CVEs
Application Service
application_service
2 CVEs
Moments
moments
2 CVEs
Safeaccess
safeaccess
2 CVEs
Presto File Server
presto_file_server
2 CVEs
Synology Photo Station
synology_photo_station
1 CVE
Ds Photo+
ds_photo+
1 CVE
Ds File
ds_file
1 CVE
Ds Audio
ds_audio
1 CVE
Cloud Station
cloud_station
1 CVE
Photo Station Uploader
photo_station_uploader
1 CVE
Cloud Station Backup
cloud_station_backup
1 CVE
Cloud Station Drive
cloud_station_drive
1 CVE
Virtual Machine Manager
virtual_machine_manager
1 CVE
Vs960hd
vs960hd
1 CVE
Vs360hd Firmware
vs360hd_firmware
1 CVE
Universal Search
universal_search
1 CVE
Ds107 Firmware
ds107_firmware
1 CVE
Ds213 Firmware
ds213_firmware
1 CVE
Ds116 Firmware
ds116_firmware
1 CVE
Web Station
web_station
1 CVE
Antivirus Essential
antivirus_essential
1 CVE
Docker
docker
1 CVE
Mail Station
mail_station
1 CVE
Webdav Server
webdav_server
1 CVE
Storage Analyzer
storage_analyzer
1 CVE
Usb Copy
usb_copy
1 CVE
Vpn Plus Server
vpn_plus_server
1 CVE
Photos
photos
1 CVE
Beephotos
beephotos
1 CVE
Unified Controller
unified_controller
1 CVE
Replication Service
replication_service
1 CVE
Cc400w Firmware
cc400w_firmware
1 CVE
Active Backup For Microsoft 365
active_backup_for_microsoft_365
1 CVE
Mail Server
mail_server
1 CVE
Presto Client
presto_client
1 CVE
Contacts
contacts
1 CVE
Storage Manager
storage_manager
1 CVE
Activeprotect Agent
activeprotect_agent
1 CVE
Safe Access
safe_access
1 CVE
C2 Identity Edge Server
c2_identity_edge_server
1 CVE
Active Backup For Business
active_backup_for_business
1 CVE
Disk Station Ds1010+
disk_station_ds1010+
0 CVEs
Disk Station Ds109
disk_station_ds109
0 CVEs
Disk Station Ds110+
disk_station_ds110+
0 CVEs
Disk Station Ds110j
disk_station_ds110j
0 CVEs
Disk Station Ds209
disk_station_ds209
0 CVEs
Disk Station Ds210+
disk_station_ds210+
0 CVEs
Disk Station Ds210j
disk_station_ds210j
0 CVEs
Disk Station Ds409slim
disk_station_ds409slim
0 CVEs
Disk Station Ds410
disk_station_ds410
0 CVEs
Disk Station Ds410j
disk_station_ds410j
0 CVEs
Disk Station Ds411+
disk_station_ds411+
0 CVEs
Disk Station Ds710+
disk_station_ds710+
0 CVEs
Vs360hd
vs360hd
0 CVEs
Ds107
ds107
0 CVEs
Ds213
ds213
0 CVEs
Ds116
ds116
0 CVEs
Uc3200
uc3200
0 CVEs
Ds3622xs+
ds3622xs+
0 CVEs
Fs3410
fs3410
0 CVEs
Hd6500
hd6500
0 CVEs
Bc500
bc500
0 CVEs
Tc500
tc500
0 CVEs
Cc400w
cc400w
0 CVEs

CVEs (346)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-41739
1Synology
1Router Manager
Nov 21, 2024
Aug 31, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41738
1Synology
1Router Manager
Nov 21, 2024
Aug 31, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated...Show more
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.Show less
CVE-2023-2729
1Synology
3Diskstation Manager
Diskstation Manager Unified ControllerRouter Manager
Jan 14, 2025
Jun 13, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
CVE-2023-0142
1Synology
3Diskstation Manager
Diskstation Manager Unified ControllerRouter Manager
Jan 14, 2025
Jun 13, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrat...Show more
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.Show less
CVE-2023-32956
1Synology
1Router Manager
Nov 21, 2024
May 16, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to e...Show more
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2023-32955
1Synology
1Router Manager
Nov 21, 2024
May 16, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-th...Show more
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.Show less
CVE-2023-0077
1Synology
1Router Manager
Nov 21, 2024
Jan 5, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
CVE-2022-43932
1Synology
1Router Manager
Nov 21, 2024
Jan 5, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attack...Show more
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.Show less
CVE-2022-43931
1Synology
1Vpn Plus Server
Nov 21, 2024
Jan 3, 2023
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-43749
1Synology
1Presto File Server
Nov 21, 2024
Oct 26, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
CVE-2022-43748
1Synology
1Presto File Server
Nov 21, 2024
Oct 26, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.Show less
CVE-2022-27623
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 25, 2022
N/A· v4
9.1 CRITICAL· v3
N/A· v2
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified...Show more
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.Show less
CVE-2022-27622
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 25, 2022
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vecto...Show more
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.Show less
CVE-2022-3576
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 20, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The fol...Show more
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.Show less
CVE-2022-27626
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 20, 2022
N/A· v4
8.1 HIGH· v3
N/A· v2
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote a...Show more
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.Show less
CVE-2022-27625
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 20, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute...Show more
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.Show less
CVE-2022-27624
1Synology
1Diskstation Manager
Jan 14, 2025
Oct 20, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute a...Show more
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.Show less
CVE-2022-27621
1Synology
1Usb Copy
Jan 14, 2025
Aug 3, 2022
N/A· v4
3.8 LOW· v3
N/A· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files v...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.Show less
CVE-2022-27620
1Synology
1Sso Server
Jan 14, 2025
Aug 3, 2022
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unsp...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.Show less
CVE-2022-27619
1Synology
1Note Station
Nov 21, 2024
Aug 3, 2022
N/A· v4
5.9 MEDIUM· v3
N/A· v2
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecifi...Show more
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.Show less