Synology

329 tracked vulnerabilities.

CVE-2024-29238 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29237 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29236 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29235 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29234 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29233 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29232 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29231 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Info Disclosure & DoS via UserPrivilege.Enum
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29230 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated SQL Injection via SnapShot.CountByCategory WebAPI
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29229 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetLiveViewPath WebAPI
Mar 28, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-29228 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetStmUrlPath WebAPI
Mar 28, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-29227 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-0854 MEDIUM
Synology DiskStation Manager - Open Redirect
Jan 24, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-52944 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in ActionRule WebAPI
Dec 04, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-52943 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in Alert.Setting WebAPI
Dec 04, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-52950 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Missing Encryption of Sensitive Data in Login Component
Sep 26, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-52949 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Unauthenticated User Credential Exposure via Proxy Settings
Sep 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-52948 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Missing Encryption of Sensitive Data in Settings Functionality
Sep 26, 2024
CVSS 5.0
EPSS 0.00
CVE-2023-52947 MEDIUM
Synology Active Backup for Business Agent < 2.6.3-3101 - Unauthenticated Logout via Local Attack
Sep 26, 2024
CVSS 4.0
EPSS 0.00
CVE-2023-52946 HIGH
Synology Drive Client < 3.5.0-16084 - Buffer Overflow in VSS Service
Sep 26, 2024
CVSS 8.2
EPSS 0.02
CVE-2023-47803 MEDIUM
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Path Traversal in Language Settings
Jun 28, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-47802 HIGH
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated OS Command Injection in IP Block Functionality
Jun 28, 2024
CVSS 7.2
EPSS 0.00
CVE-2023-5748 LOW
Synology SSL VPN Client < 1.4.7-0687 - Denial of Service via CGI Component Buffer Overflow
Nov 07, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5746 CRITICAL
Synology BC500 and TC500 Firmware < 1.0.5-0185 - Remote Code Execution via Format String in CGI Component
Oct 25, 2023
CVSS 9.8
EPSS 0.06
CVE-2023-41741 MEDIUM
Synology Router Manager <1.3.1-9346-6 - Info Disclosure
Aug 31, 2023
CVSS 5.3
EPSS 0.00