CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Total 351 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-26565	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
CVE-2021-26563	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26562	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26561	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2023-5748	1 Synology	1 Ssl Vpn Client	2024-11-21	3.3 Low
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-5746	1 Synology	4 Bc500, Bc500 Firmware, Tc500 and 1 more	2024-11-21	9.8 Critical
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
CVE-2023-41741	1 Synology	1 Router Manager	2024-11-21	5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2023-41740	1 Synology	1 Router Manager	2024-11-21	5.3 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
CVE-2023-41739	1 Synology	1 Router Manager	2024-11-21	4.9 Medium
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41738	1 Synology	1 Router Manager	2024-11-21	7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-27619	1 Synology	1 Note Station	2024-11-21	6.8 Medium
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2022-27615	1 Synology	1 Dns Server	2024-11-21	7.7 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-27613	1 Synology	1 Carddav Server	2024-11-21	8.3 High
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2022-27612	1 Synology	1 Audio Station	2024-11-21	7.3 High
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-27611	1 Synology	1 Audio Station	2024-11-21	5.4 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-27610	1 Synology	1 Diskstation Manager	2024-11-21	6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-22686	1 Synology	1 Calendar	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
CVE-2022-22685	1 Synology	1 Webdav Server	2024-11-21	8.7 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-22682	1 Synology	1 Calendar	2024-11-21	6.5 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2022-22681	1 Synology	1 Photo Station	2024-11-21	8.1 High
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

« first previous Page 13 of 18. next last »