Synology CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Search

Switch to Advanced Search (Beta)

Total 288 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-22683	1 Synology	3 Diskstation Manager, Media Server, Router Manager	2025-01-14	10 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22684	1 Synology	1 Diskstation Manager	2025-01-14	7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-22687	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-27614	1 Synology	3 Diskstation Manager, Media Server, Router Manager	2025-01-14	5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2022-27616	1 Synology	1 Diskstation Manager	2025-01-14	7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-27617	1 Synology	2 Calendar, Diskstation Manager	2025-01-14	5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
CVE-2022-27618	1 Synology	2 Diskstation Manager, Storage Analyzer	2025-01-14	6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-27620	1 Synology	2 Diskstation Manager, Sso Server	2025-01-14	6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2022-27621	1 Synology	2 Diskstation Manager, Usb Copy	2025-01-14	5.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
CVE-2023-0142	1 Synology	3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager	2025-01-14	6.5 Medium
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
CVE-2023-2729	1 Synology	3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager	2025-01-14	5.9 Medium
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
CVE-2024-0854	1 Synology	1 Diskstation Manager	2025-01-14	5.4 Medium
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
CVE-2024-29235	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29236	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29237	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29238	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-53285	1 Synology	1 Router Manager	2024-12-09	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-53284	1 Synology	1 Router Manager	2024-12-09	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-53283	1 Synology	1 Router Manager	2024-12-09	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-53282	1 Synology	1 Router Manager	2024-12-09	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 9 of 15. next last »