← Back

Synology

synology

346 CVEs • 98 products

Products (98)

Click to collapse
Toggle
Diskstation Manager
diskstation_manager
97 CVEs
Router Manager
router_manager
59 CVEs
Photo Station
photo_station
33 CVEs
Surveillance Station
surveillance_station
25 CVEs
Vs960hd Firmware
vs960hd_firmware
22 CVEs
Diskstation Manager Unified Controller
diskstation_manager_unified_controller
20 CVEs
Skynas
skynas
16 CVEs
Skynas Firmware
skynas_firmware
13 CVEs
Calendar
calendar
11 CVEs
Bc500 Firmware
bc500_firmware
9 CVEs
Tc500 Firmware
tc500_firmware
9 CVEs
Active Backup For Business Agent
active_backup_for_business_agent
8 CVEs
Download Station
download_station
8 CVEs
Video Station
video_station
6 CVEs
Drive Server
drive_server
6 CVEs
Media Server
media_server
6 CVEs
Drive Client
drive_client
6 CVEs
Beedrive
beedrive
6 CVEs
Note Station
note_station
5 CVEs
Dns Server
dns_server
5 CVEs
Ssl Vpn Client
ssl_vpn_client
5 CVEs
Audio Station
audio_station
4 CVEs
Directory Server
directory_server
4 CVEs
Radius Server
radius_server
4 CVEs
Beestation Os
beestation_os
4 CVEs
Chat
chat
3 CVEs
Office
office
3 CVEs
Carddav Server
carddav_server
3 CVEs
File Station
file_station
3 CVEs
Mailplus Server
mailplus_server
3 CVEs
Virtual Diskstation Manager
virtual_diskstation_manager
3 CVEs
Dsm
dsm
2 CVEs
Assistant
assistant
2 CVEs
Sso Server
sso_server
2 CVEs
Application Service
application_service
2 CVEs
Moments
moments
2 CVEs
Safeaccess
safeaccess
2 CVEs
Presto File Server
presto_file_server
2 CVEs
Synology Photo Station
synology_photo_station
1 CVE
Ds Photo+
ds_photo+
1 CVE
Ds File
ds_file
1 CVE
Ds Audio
ds_audio
1 CVE
Cloud Station
cloud_station
1 CVE
Photo Station Uploader
photo_station_uploader
1 CVE
Cloud Station Backup
cloud_station_backup
1 CVE
Cloud Station Drive
cloud_station_drive
1 CVE
Virtual Machine Manager
virtual_machine_manager
1 CVE
Vs960hd
vs960hd
1 CVE
Vs360hd Firmware
vs360hd_firmware
1 CVE
Universal Search
universal_search
1 CVE
Ds107 Firmware
ds107_firmware
1 CVE
Ds213 Firmware
ds213_firmware
1 CVE
Ds116 Firmware
ds116_firmware
1 CVE
Web Station
web_station
1 CVE
Antivirus Essential
antivirus_essential
1 CVE
Docker
docker
1 CVE
Mail Station
mail_station
1 CVE
Webdav Server
webdav_server
1 CVE
Storage Analyzer
storage_analyzer
1 CVE
Usb Copy
usb_copy
1 CVE
Vpn Plus Server
vpn_plus_server
1 CVE
Photos
photos
1 CVE
Beephotos
beephotos
1 CVE
Unified Controller
unified_controller
1 CVE
Replication Service
replication_service
1 CVE
Cc400w Firmware
cc400w_firmware
1 CVE
Active Backup For Microsoft 365
active_backup_for_microsoft_365
1 CVE
Mail Server
mail_server
1 CVE
Presto Client
presto_client
1 CVE
Contacts
contacts
1 CVE
Storage Manager
storage_manager
1 CVE
Activeprotect Agent
activeprotect_agent
1 CVE
Safe Access
safe_access
1 CVE
C2 Identity Edge Server
c2_identity_edge_server
1 CVE
Active Backup For Business
active_backup_for_business
1 CVE
Disk Station Ds1010+
disk_station_ds1010+
0 CVEs
Disk Station Ds109
disk_station_ds109
0 CVEs
Disk Station Ds110+
disk_station_ds110+
0 CVEs
Disk Station Ds110j
disk_station_ds110j
0 CVEs
Disk Station Ds209
disk_station_ds209
0 CVEs
Disk Station Ds210+
disk_station_ds210+
0 CVEs
Disk Station Ds210j
disk_station_ds210j
0 CVEs
Disk Station Ds409slim
disk_station_ds409slim
0 CVEs
Disk Station Ds410
disk_station_ds410
0 CVEs
Disk Station Ds410j
disk_station_ds410j
0 CVEs
Disk Station Ds411+
disk_station_ds411+
0 CVEs
Disk Station Ds710+
disk_station_ds710+
0 CVEs
Vs360hd
vs360hd
0 CVEs
Ds107
ds107
0 CVEs
Ds213
ds213
0 CVEs
Ds116
ds116
0 CVEs
Uc3200
uc3200
0 CVEs
Ds3622xs+
ds3622xs+
0 CVEs
Fs3410
fs3410
0 CVEs
Hd6500
hd6500
0 CVEs
Bc500
bc500
0 CVEs
Tc500
tc500
0 CVEs
Cc400w
cc400w
0 CVEs

CVEs (346)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-9494
5Fedoraproject
FreebsdOpensuse+2 more
8Backports Sle
FedoraFreebsd+5 more
Nov 21, 2024
Apr 17, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information f...Show more
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.Show less
CVE-2019-3870
3Fedoraproject
SambaSynology
7Directory Server
Diskstation ManagerFedora+4 more
Jan 14, 2025
Apr 9, 2019
N/A· v4
6.1 MEDIUM· v3
3.6 LOW· v2
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This dir...Show more
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.Show less
CVE-2018-8913
1Synology
1Web Station
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
CVE-2018-13299
1Synology
1Calendar
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
CVE-2018-13298
1Synology
1Moments
Nov 21, 2024
Apr 1, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2018-13297
1Synology
1Drive Server
Nov 21, 2024
Apr 1, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
CVE-2018-13296
1Synology
1Mailplus Server
Nov 21, 2024
Apr 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
CVE-2018-13295
1Synology
1Application Service
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.
CVE-2018-13294
1Synology
1Application Service
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
CVE-2018-13293
1Synology
1Diskstation Manager
Jan 14, 2025
Apr 1, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL paramet...Show more
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.Show less
CVE-2018-13292
1Synology
1Router Manager
Nov 21, 2024
Apr 1, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13291
1Synology
1Diskstation Manager
Jan 14, 2025
Apr 1, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configurati...Show more
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.Show less
CVE-2018-13290
1Synology
1Router Manager
Nov 21, 2024
Apr 1, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via...Show more
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.Show less
CVE-2018-13289
1Synology
1Router Manager
Nov 21, 2024
Apr 1, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path paramete...Show more
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.Show less
CVE-2018-13288
1Synology
1File Station
Nov 21, 2024
Apr 1, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_p...Show more
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.Show less
CVE-2018-13287
1Synology
1Router Manager
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13286
1Synology
1Diskstation Manager
Jan 14, 2025
Apr 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration...Show more
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.Show less
CVE-2018-13285
1Synology
1Router Manager
Nov 21, 2024
Apr 1, 2019
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2018-13284
1Synology
1Diskstation Manager
Jan 14, 2025
Apr 1, 2019
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2018-13283
1Synology
1Ssl Vpn Client
Nov 21, 2024
Apr 1, 2019
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3)...Show more
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.Show less