Filtered by vendor Synology Subscriptions
Total 289 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-4679 1 Synology 1 Active Backup For Microsoft 365 2025-05-30 6.5 Medium
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
CVE-2024-0854 1 Synology 1 Diskstation Manager 2025-05-30 5.4 Medium
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
CVE-2022-43749 1 Synology 1 Presto File Server 2025-05-09 4.3 Medium
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
CVE-2022-27626 1 Synology 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more 2025-05-08 10 Critical
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-27625 1 Synology 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more 2025-05-07 10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-27623 1 Synology 1 Diskstation Manager 2025-05-07 7.4 High
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
CVE-2022-27622 1 Synology 1 Diskstation Manager 2025-05-07 4.1 Medium
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2022-27624 1 Synology 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more 2025-05-07 10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-3576 1 Synology 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more 2025-05-05 5.3 Medium
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-43748 1 Synology 1 Presto File Server 2025-04-25 5.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-44142 6 Canonical, Debian, Fedoraproject and 3 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2025-04-23 8.8 High
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVE-2017-11158 2 Microsoft, Synology 2 Windows, Cloud Station Drive 2025-04-20 N/A
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
CVE-2017-9555 1 Synology 1 Photo Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2017-16768 1 Synology 1 Mailplus Server 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
CVE-2017-15888 1 Synology 1 Audio Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
CVE-2017-15887 1 Synology 1 Carddav Server 2025-04-20 N/A
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15895 1 Synology 1 Router Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2016-10329 1 Synology 1 Photo Station 2025-04-20 N/A
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
CVE-2017-12079 1 Synology 1 Photo Station 2025-04-20 N/A
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.