← Back

Synology

synology

346 CVEs • 98 products

Products (98)

Click to collapse
Toggle
Diskstation Manager
diskstation_manager
97 CVEs
Router Manager
router_manager
59 CVEs
Photo Station
photo_station
33 CVEs
Surveillance Station
surveillance_station
25 CVEs
Vs960hd Firmware
vs960hd_firmware
22 CVEs
Diskstation Manager Unified Controller
diskstation_manager_unified_controller
20 CVEs
Skynas
skynas
16 CVEs
Skynas Firmware
skynas_firmware
13 CVEs
Calendar
calendar
11 CVEs
Bc500 Firmware
bc500_firmware
9 CVEs
Tc500 Firmware
tc500_firmware
9 CVEs
Active Backup For Business Agent
active_backup_for_business_agent
8 CVEs
Download Station
download_station
8 CVEs
Video Station
video_station
6 CVEs
Drive Server
drive_server
6 CVEs
Media Server
media_server
6 CVEs
Drive Client
drive_client
6 CVEs
Beedrive
beedrive
6 CVEs
Note Station
note_station
5 CVEs
Dns Server
dns_server
5 CVEs
Ssl Vpn Client
ssl_vpn_client
5 CVEs
Audio Station
audio_station
4 CVEs
Directory Server
directory_server
4 CVEs
Radius Server
radius_server
4 CVEs
Beestation Os
beestation_os
4 CVEs
Chat
chat
3 CVEs
Office
office
3 CVEs
Carddav Server
carddav_server
3 CVEs
File Station
file_station
3 CVEs
Mailplus Server
mailplus_server
3 CVEs
Virtual Diskstation Manager
virtual_diskstation_manager
3 CVEs
Dsm
dsm
2 CVEs
Assistant
assistant
2 CVEs
Sso Server
sso_server
2 CVEs
Application Service
application_service
2 CVEs
Moments
moments
2 CVEs
Safeaccess
safeaccess
2 CVEs
Presto File Server
presto_file_server
2 CVEs
Synology Photo Station
synology_photo_station
1 CVE
Ds Photo+
ds_photo+
1 CVE
Ds File
ds_file
1 CVE
Ds Audio
ds_audio
1 CVE
Cloud Station
cloud_station
1 CVE
Photo Station Uploader
photo_station_uploader
1 CVE
Cloud Station Backup
cloud_station_backup
1 CVE
Cloud Station Drive
cloud_station_drive
1 CVE
Virtual Machine Manager
virtual_machine_manager
1 CVE
Vs960hd
vs960hd
1 CVE
Vs360hd Firmware
vs360hd_firmware
1 CVE
Universal Search
universal_search
1 CVE
Ds107 Firmware
ds107_firmware
1 CVE
Ds213 Firmware
ds213_firmware
1 CVE
Ds116 Firmware
ds116_firmware
1 CVE
Web Station
web_station
1 CVE
Antivirus Essential
antivirus_essential
1 CVE
Docker
docker
1 CVE
Mail Station
mail_station
1 CVE
Webdav Server
webdav_server
1 CVE
Storage Analyzer
storage_analyzer
1 CVE
Usb Copy
usb_copy
1 CVE
Vpn Plus Server
vpn_plus_server
1 CVE
Photos
photos
1 CVE
Beephotos
beephotos
1 CVE
Unified Controller
unified_controller
1 CVE
Replication Service
replication_service
1 CVE
Cc400w Firmware
cc400w_firmware
1 CVE
Active Backup For Microsoft 365
active_backup_for_microsoft_365
1 CVE
Mail Server
mail_server
1 CVE
Presto Client
presto_client
1 CVE
Contacts
contacts
1 CVE
Storage Manager
storage_manager
1 CVE
Activeprotect Agent
activeprotect_agent
1 CVE
Safe Access
safe_access
1 CVE
C2 Identity Edge Server
c2_identity_edge_server
1 CVE
Active Backup For Business
active_backup_for_business
1 CVE
Disk Station Ds1010+
disk_station_ds1010+
0 CVEs
Disk Station Ds109
disk_station_ds109
0 CVEs
Disk Station Ds110+
disk_station_ds110+
0 CVEs
Disk Station Ds110j
disk_station_ds110j
0 CVEs
Disk Station Ds209
disk_station_ds209
0 CVEs
Disk Station Ds210+
disk_station_ds210+
0 CVEs
Disk Station Ds210j
disk_station_ds210j
0 CVEs
Disk Station Ds409slim
disk_station_ds409slim
0 CVEs
Disk Station Ds410
disk_station_ds410
0 CVEs
Disk Station Ds410j
disk_station_ds410j
0 CVEs
Disk Station Ds411+
disk_station_ds411+
0 CVEs
Disk Station Ds710+
disk_station_ds710+
0 CVEs
Vs360hd
vs360hd
0 CVEs
Ds107
ds107
0 CVEs
Ds213
ds213
0 CVEs
Ds116
ds116
0 CVEs
Uc3200
uc3200
0 CVEs
Ds3622xs+
ds3622xs+
0 CVEs
Fs3410
fs3410
0 CVEs
Hd6500
hd6500
0 CVEs
Bc500
bc500
0 CVEs
Tc500
tc500
0 CVEs
Cc400w
cc400w
0 CVEs

CVEs (346)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-43928
1Synology
1Mail Station
Nov 21, 2024
Feb 7, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated...Show more
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.Show less
CVE-2021-43927
1Synology
1Diskstation Manager
Jan 14, 2025
Feb 7, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers t...Show more
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.Show less
CVE-2021-43926
1Synology
1Diskstation Manager
Jan 14, 2025
Feb 7, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inj...Show more
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.Show less
CVE-2021-43925
1Synology
1Diskstation Manager
Jan 14, 2025
Feb 7, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inj...Show more
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.Show less
CVE-2022-22680
1Synology
1Diskstation Manager
Jan 14, 2025
Feb 7, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified ve...Show more
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.Show less
CVE-2021-29087
1Synology
2Diskstation Manager
Diskstation Manager Unified Controller
Jan 14, 2025
Jun 23, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.Show less
CVE-2021-29086
1Synology
2Diskstation Manager
Diskstation Manager Unified Controller
Jan 14, 2025
Jun 23, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecif...Show more
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.Show less
CVE-2021-29085
1Synology
2Diskstation Manager
Diskstation Manager Unified Controller
Jan 14, 2025
Jun 23, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remo...Show more
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.Show less
CVE-2021-29084
1Synology
2Diskstation Manager
Diskstation Manager Unified Controller
Jan 14, 2025
Jun 23, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3...Show more
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.Show less
CVE-2021-27649
1Synology
2Diskstation Manager
Diskstation Manager Unified Controller
Jan 14, 2025
Jun 23, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-34812
1Synology
1Calendar
Nov 21, 2024
Jun 18, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34811
1Synology
1Download Station
Nov 21, 2024
Jun 18, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2021-34810
1Synology
1Download Station
Nov 21, 2024
Jun 18, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34809
1Synology
1Download Station
Nov 21, 2024
Jun 18, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute...Show more
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.Show less
CVE-2021-34808
1Synology
1Media Server
Nov 21, 2024
Jun 18, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-29089
1Synology
1Photo Station
Nov 21, 2024
Jun 2, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQ...Show more
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.Show less
CVE-2021-29091
1Synology
1Photo Station
Nov 21, 2024
Jun 2, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.Show less
CVE-2021-29090
1Synology
1Photo Station
Nov 21, 2024
Jun 2, 2021
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL...Show more
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.Show less
CVE-2021-33184
1Synology
1Download Station
Nov 21, 2024
Jun 1, 2021
N/A· v4
7.7 HIGH· v3
4.0 MEDIUM· v2
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2021-33183
1Synology
1Docker
Nov 21, 2024
Jun 1, 2021
N/A· v4
7.9 HIGH· v3
3.6 LOW· v2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary file...Show more
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.Show less