← Back

Synology

synology

346 CVEs • 98 products

Products (98)

Click to collapse
Toggle
Diskstation Manager
diskstation_manager
97 CVEs
Router Manager
router_manager
59 CVEs
Photo Station
photo_station
33 CVEs
Surveillance Station
surveillance_station
25 CVEs
Vs960hd Firmware
vs960hd_firmware
22 CVEs
Diskstation Manager Unified Controller
diskstation_manager_unified_controller
20 CVEs
Skynas
skynas
16 CVEs
Skynas Firmware
skynas_firmware
13 CVEs
Calendar
calendar
11 CVEs
Bc500 Firmware
bc500_firmware
9 CVEs
Tc500 Firmware
tc500_firmware
9 CVEs
Active Backup For Business Agent
active_backup_for_business_agent
8 CVEs
Download Station
download_station
8 CVEs
Video Station
video_station
6 CVEs
Drive Server
drive_server
6 CVEs
Media Server
media_server
6 CVEs
Drive Client
drive_client
6 CVEs
Beedrive
beedrive
6 CVEs
Note Station
note_station
5 CVEs
Dns Server
dns_server
5 CVEs
Ssl Vpn Client
ssl_vpn_client
5 CVEs
Audio Station
audio_station
4 CVEs
Directory Server
directory_server
4 CVEs
Radius Server
radius_server
4 CVEs
Beestation Os
beestation_os
4 CVEs
Chat
chat
3 CVEs
Office
office
3 CVEs
Carddav Server
carddav_server
3 CVEs
File Station
file_station
3 CVEs
Mailplus Server
mailplus_server
3 CVEs
Virtual Diskstation Manager
virtual_diskstation_manager
3 CVEs
Dsm
dsm
2 CVEs
Assistant
assistant
2 CVEs
Sso Server
sso_server
2 CVEs
Application Service
application_service
2 CVEs
Moments
moments
2 CVEs
Safeaccess
safeaccess
2 CVEs
Presto File Server
presto_file_server
2 CVEs
Synology Photo Station
synology_photo_station
1 CVE
Ds Photo+
ds_photo+
1 CVE
Ds File
ds_file
1 CVE
Ds Audio
ds_audio
1 CVE
Cloud Station
cloud_station
1 CVE
Photo Station Uploader
photo_station_uploader
1 CVE
Cloud Station Backup
cloud_station_backup
1 CVE
Cloud Station Drive
cloud_station_drive
1 CVE
Virtual Machine Manager
virtual_machine_manager
1 CVE
Vs960hd
vs960hd
1 CVE
Vs360hd Firmware
vs360hd_firmware
1 CVE
Universal Search
universal_search
1 CVE
Ds107 Firmware
ds107_firmware
1 CVE
Ds213 Firmware
ds213_firmware
1 CVE
Ds116 Firmware
ds116_firmware
1 CVE
Web Station
web_station
1 CVE
Antivirus Essential
antivirus_essential
1 CVE
Docker
docker
1 CVE
Mail Station
mail_station
1 CVE
Webdav Server
webdav_server
1 CVE
Storage Analyzer
storage_analyzer
1 CVE
Usb Copy
usb_copy
1 CVE
Vpn Plus Server
vpn_plus_server
1 CVE
Photos
photos
1 CVE
Beephotos
beephotos
1 CVE
Unified Controller
unified_controller
1 CVE
Replication Service
replication_service
1 CVE
Cc400w Firmware
cc400w_firmware
1 CVE
Active Backup For Microsoft 365
active_backup_for_microsoft_365
1 CVE
Mail Server
mail_server
1 CVE
Presto Client
presto_client
1 CVE
Contacts
contacts
1 CVE
Storage Manager
storage_manager
1 CVE
Activeprotect Agent
activeprotect_agent
1 CVE
Safe Access
safe_access
1 CVE
C2 Identity Edge Server
c2_identity_edge_server
1 CVE
Active Backup For Business
active_backup_for_business
1 CVE
Disk Station Ds1010+
disk_station_ds1010+
0 CVEs
Disk Station Ds109
disk_station_ds109
0 CVEs
Disk Station Ds110+
disk_station_ds110+
0 CVEs
Disk Station Ds110j
disk_station_ds110j
0 CVEs
Disk Station Ds209
disk_station_ds209
0 CVEs
Disk Station Ds210+
disk_station_ds210+
0 CVEs
Disk Station Ds210j
disk_station_ds210j
0 CVEs
Disk Station Ds409slim
disk_station_ds409slim
0 CVEs
Disk Station Ds410
disk_station_ds410
0 CVEs
Disk Station Ds410j
disk_station_ds410j
0 CVEs
Disk Station Ds411+
disk_station_ds411+
0 CVEs
Disk Station Ds710+
disk_station_ds710+
0 CVEs
Vs360hd
vs360hd
0 CVEs
Ds107
ds107
0 CVEs
Ds213
ds213
0 CVEs
Ds116
ds116
0 CVEs
Uc3200
uc3200
0 CVEs
Ds3622xs+
ds3622xs+
0 CVEs
Fs3410
fs3410
0 CVEs
Hd6500
hd6500
0 CVEs
Bc500
bc500
0 CVEs
Tc500
tc500
0 CVEs
Cc400w
cc400w
0 CVEs

CVEs (346)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-19344
4Canonical
OpensuseSamba+1 more
7Directory Server
Diskstation ManagerLeap+4 more
Jan 14, 2025
Jan 21, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local va...Show more
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.Show less
CVE-2019-14907
6Canonical
DebianFedoraproject+3 more
10Debian Linux
Directory ServerDiskstation Manager+7 more
Jan 14, 2025
Jan 21, 2020
N/A· v4
6.5 MEDIUM· v3
2.6 LOW· v2
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character c...Show more
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).Show less
CVE-2019-9518
11Apache
AppleCanonical+8 more
18Debian Linux
Diskstation ManagerEnterprise Linux+15 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These fra...Show more
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.Show less
CVE-2019-9517
12Apache
AppleCanonical+9 more
23Clustered Data Ontap
Communications Element ManagerDebian Linux+20 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they...Show more
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.Show less
CVE-2019-9516
12Apache
AppleCanonical+9 more
19Debian Linux
Diskstation ManagerEnterprise Linux+16 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman en...Show more
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.Show less
CVE-2019-9515
12Apache
AppleCanonical+9 more
22Big Ip Local Traffic Manager
Debian LinuxDiskstation Manager+19 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one...Show more
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.Show less
CVE-2019-9514
13Apache
AppleCanonical+10 more
28Big Ip Local Traffic Manager
Cloud InsightsDebian Linux+25 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream o...Show more
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.Show less
CVE-2019-9513
12Apache
AppleCanonical+9 more
20Debian Linux
Diskstation ManagerEnterprise Communications Broker+17 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that c...Show more
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.Show less
CVE-2019-9511
12Apache
AppleCanonical+9 more
20Debian Linux
Diskstation ManagerEnterprise Communications Broker+17 more
Jan 14, 2025
Aug 13, 2019
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified res...Show more
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.Show less
CVE-2019-11829
1Synology
1Calendar
Nov 21, 2024
Jun 30, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
CVE-2019-11828
1Synology
1Office
Nov 21, 2024
Jun 30, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-11827
1Synology
1Note Station
Nov 21, 2024
Jun 30, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
CVE-2019-11826
1Synology
1Moments
Nov 21, 2024
Jun 30, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
CVE-2019-11825
1Synology
1Calendar
Nov 21, 2024
Jun 30, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2019-11822
1Synology
1Photo Station
Nov 21, 2024
Jun 30, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
CVE-2019-11821
1Synology
1Photo Station
Nov 21, 2024
Jun 30, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
CVE-2019-11820
1Synology
1Calendar
Nov 21, 2024
May 9, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
CVE-2019-9499
6Debian
FedoraprojectFreebsd+3 more
9Backports Sle
Debian LinuxFedora+6 more
Nov 21, 2024
Apr 17, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacke...Show more
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.Show less
CVE-2019-9498
6Debian
FedoraprojectFreebsd+3 more
9Backports Sle
Debian LinuxFedora+6 more
Nov 21, 2024
Apr 17, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may...Show more
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.Show less
CVE-2019-9495
6Debian
FedoraprojectFreebsd+3 more
9Backports Sle
Debian LinuxFedora+6 more
Nov 21, 2024
Apr 17, 2019
N/A· v4
3.7 LOW· v3
4.3 MEDIUM· v2
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. Th...Show more
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.Show less