← Back

Synology

synology

346 CVEs • 98 products

Products (98)

Click to collapse
Toggle
Diskstation Manager
diskstation_manager
97 CVEs
Router Manager
router_manager
59 CVEs
Photo Station
photo_station
33 CVEs
Surveillance Station
surveillance_station
25 CVEs
Vs960hd Firmware
vs960hd_firmware
22 CVEs
Diskstation Manager Unified Controller
diskstation_manager_unified_controller
20 CVEs
Skynas
skynas
16 CVEs
Skynas Firmware
skynas_firmware
13 CVEs
Calendar
calendar
11 CVEs
Bc500 Firmware
bc500_firmware
9 CVEs
Tc500 Firmware
tc500_firmware
9 CVEs
Active Backup For Business Agent
active_backup_for_business_agent
8 CVEs
Download Station
download_station
8 CVEs
Video Station
video_station
6 CVEs
Drive Server
drive_server
6 CVEs
Media Server
media_server
6 CVEs
Drive Client
drive_client
6 CVEs
Beedrive
beedrive
6 CVEs
Note Station
note_station
5 CVEs
Dns Server
dns_server
5 CVEs
Ssl Vpn Client
ssl_vpn_client
5 CVEs
Audio Station
audio_station
4 CVEs
Directory Server
directory_server
4 CVEs
Radius Server
radius_server
4 CVEs
Beestation Os
beestation_os
4 CVEs
Chat
chat
3 CVEs
Office
office
3 CVEs
Carddav Server
carddav_server
3 CVEs
File Station
file_station
3 CVEs
Mailplus Server
mailplus_server
3 CVEs
Virtual Diskstation Manager
virtual_diskstation_manager
3 CVEs
Dsm
dsm
2 CVEs
Assistant
assistant
2 CVEs
Sso Server
sso_server
2 CVEs
Application Service
application_service
2 CVEs
Moments
moments
2 CVEs
Safeaccess
safeaccess
2 CVEs
Presto File Server
presto_file_server
2 CVEs
Synology Photo Station
synology_photo_station
1 CVE
Ds Photo+
ds_photo+
1 CVE
Ds File
ds_file
1 CVE
Ds Audio
ds_audio
1 CVE
Cloud Station
cloud_station
1 CVE
Photo Station Uploader
photo_station_uploader
1 CVE
Cloud Station Backup
cloud_station_backup
1 CVE
Cloud Station Drive
cloud_station_drive
1 CVE
Virtual Machine Manager
virtual_machine_manager
1 CVE
Vs960hd
vs960hd
1 CVE
Vs360hd Firmware
vs360hd_firmware
1 CVE
Universal Search
universal_search
1 CVE
Ds107 Firmware
ds107_firmware
1 CVE
Ds213 Firmware
ds213_firmware
1 CVE
Ds116 Firmware
ds116_firmware
1 CVE
Web Station
web_station
1 CVE
Antivirus Essential
antivirus_essential
1 CVE
Docker
docker
1 CVE
Mail Station
mail_station
1 CVE
Webdav Server
webdav_server
1 CVE
Storage Analyzer
storage_analyzer
1 CVE
Usb Copy
usb_copy
1 CVE
Vpn Plus Server
vpn_plus_server
1 CVE
Photos
photos
1 CVE
Beephotos
beephotos
1 CVE
Unified Controller
unified_controller
1 CVE
Replication Service
replication_service
1 CVE
Cc400w Firmware
cc400w_firmware
1 CVE
Active Backup For Microsoft 365
active_backup_for_microsoft_365
1 CVE
Mail Server
mail_server
1 CVE
Presto Client
presto_client
1 CVE
Contacts
contacts
1 CVE
Storage Manager
storage_manager
1 CVE
Activeprotect Agent
activeprotect_agent
1 CVE
Safe Access
safe_access
1 CVE
C2 Identity Edge Server
c2_identity_edge_server
1 CVE
Active Backup For Business
active_backup_for_business
1 CVE
Disk Station Ds1010+
disk_station_ds1010+
0 CVEs
Disk Station Ds109
disk_station_ds109
0 CVEs
Disk Station Ds110+
disk_station_ds110+
0 CVEs
Disk Station Ds110j
disk_station_ds110j
0 CVEs
Disk Station Ds209
disk_station_ds209
0 CVEs
Disk Station Ds210+
disk_station_ds210+
0 CVEs
Disk Station Ds210j
disk_station_ds210j
0 CVEs
Disk Station Ds409slim
disk_station_ds409slim
0 CVEs
Disk Station Ds410
disk_station_ds410
0 CVEs
Disk Station Ds410j
disk_station_ds410j
0 CVEs
Disk Station Ds411+
disk_station_ds411+
0 CVEs
Disk Station Ds710+
disk_station_ds710+
0 CVEs
Vs360hd
vs360hd
0 CVEs
Ds107
ds107
0 CVEs
Ds213
ds213
0 CVEs
Ds116
ds116
0 CVEs
Uc3200
uc3200
0 CVEs
Ds3622xs+
ds3622xs+
0 CVEs
Fs3410
fs3410
0 CVEs
Hd6500
hd6500
0 CVEs
Bc500
bc500
0 CVEs
Tc500
tc500
0 CVEs
Cc400w
cc400w
0 CVEs

CVEs (346)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-16775
1Synology
1Sso Server
Nov 21, 2024
Apr 1, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2017-16774
1Synology
1Diskstation Manager
Jan 14, 2025
Apr 1, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the...Show more
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.Show less
CVE-2018-8920
1Synology
1Diskstation Manager
Jan 14, 2025
Dec 24, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an a...Show more
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.Show less
CVE-2018-8919
1Synology
1Diskstation Manager
Jan 14, 2025
Dec 24, 2018
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
CVE-2018-8917
1Synology
1Diskstation Manager
Jan 14, 2025
Dec 24, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-8918
1Synology
1Router Manager
Nov 21, 2024
Dec 24, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-1160
3Debian
NetatalkSynology
6Debian Linux
Diskstation ManagerNetatalk+3 more
Feb 13, 2026
Dec 20, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to a...Show more
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.Show less
CVE-2018-13282
1Synology
1Photo Station
Nov 21, 2024
Oct 31, 2018
N/A· v4
6.3 MEDIUM· v3
6.8 MEDIUM· v2
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2018-13281
1Synology
3Diskstation Manager
SkynasVs960hd
Jan 14, 2025
Oct 31, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the...Show more
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.Show less
CVE-2018-13280
1Synology
1Diskstation Manager
Jan 14, 2025
Jul 30, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified...Show more
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.Show less
CVE-2016-6554
1Synology
3Ds107 Firmware
Ds116 FirmwareDs213 Firmware
Nov 21, 2024
Jul 13, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker...Show more
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.Show less
CVE-2018-8929
1Synology
1Ssl Vpn Client
Nov 21, 2024
Jul 6, 2018
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted pay...Show more
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.Show less
CVE-2018-8928
1Synology
1Carddav Server
Nov 21, 2024
Jul 5, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_nam...Show more
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.Show less
CVE-2017-16773
1Synology
1Universal Search
Nov 21, 2024
Jul 5, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
CVE-2018-8927
1Synology
1Calendar
Nov 21, 2024
Jun 14, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
CVE-2018-8926
1Synology
1Photo Station
Nov 21, 2024
Jun 8, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname...Show more
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.Show less
CVE-2018-8925
1Synology
1Photo Station
Nov 21, 2024
Jun 8, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) usernam...Show more
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.Show less
CVE-2018-8916
1Synology
1Diskstation Manager
Jan 14, 2025
Jun 8, 2018
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVE-2017-12078
1Synology
1Router Manager
Nov 21, 2024
Jun 8, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2017-12075
1Synology
1Diskstation Manager
Jan 14, 2025
Jun 8, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.