synology

352 tracked vulnerabilities.

CVE-2024-29232 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-29231 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Info Disclosure & DoS via UserPrivilege.Enum
Mar 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-29230 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated SQL Injection via SnapShot.CountByCategory WebAPI
Mar 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-29229 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetLiveViewPath WebAPI
Mar 28, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-29228 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetStmUrlPath WebAPI
Mar 28, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-29227 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-0854 MEDIUM
Synology DiskStation Manager - Open Redirect
Jan 24, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-52951 MEDIUM
Synology Note Station Client < 2.2.4-703 - Cleartext Transmission of Sensitive Information
Jun 03, 2026
CVSS 5.9
EPSS 0.00
CVE-2023-52945 HIGH
Synology BeeDrive For Desktop < 1.3.2-13814 - Uncontrolled Search Path Element
May 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2023-52944 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in ActionRule WebAPI
Dec 04, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-52943 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in Alert.Setting webapi
Dec 04, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-52950 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Missing Encryption of Sensitive Data in Login Component
Sep 26, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-52949 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Unauthenticated User Credential Exposure via Proxy Settings
Sep 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-52948 MEDIUM
Synology Active Backup for Business Agent < 2.7.0-3221 - Missing Encryption of Sensitive Data in Settings Functionality
Sep 26, 2024
CVSS 5.0
EPSS 0.00
CVE-2023-52947 MEDIUM
Synology Active Backup for Business Agent < 2.6.3-3101 - Unauthenticated Logout via Local Attack
Sep 26, 2024
CVSS 4.0
EPSS 0.00
CVE-2023-52946 HIGH
Synology Drive Client < 3.5.0-16084 - Buffer Overflow in VSS Service
Sep 26, 2024
CVSS 8.2
EPSS 0.01
CVE-2023-47803 MEDIUM
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Path Traversal in Language Settings
Jun 28, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-47802 HIGH
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated OS Command Injection in IP Block Functionality
Jun 28, 2024
CVSS 7.2
EPSS 0.01
CVE-2023-5748 LOW
Synology SSL VPN Client < 1.4.7-0687 - Denial of Service via CGI Component Buffer Overflow
Nov 07, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5746 CRITICAL
Synology BC500 and TC500 Firmware < 1.0.5-0185 - Remote Code Execution via Format String in CGI Component
Oct 25, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-41741 MEDIUM
Synology Router Manager <1.3.1-9346-6 - Info Disclosure
Aug 31, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41740 MEDIUM
Synology Router Manager < 1.3.1-9346-6 - Path Traversal in CGI Component
Aug 31, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41739 MEDIUM
Synology Router Manager <1.3.1-9346-6 - DoS
Aug 31, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-41738 HIGH
Synology Router Manager < 1.3.1-9346-6 - Authenticated OS Command Injection in Directory Domain Functionality
Aug 31, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-2729 MEDIUM
Synology DSM <7.2-64561 - Info Disclosure
Jun 13, 2023
CVSS 5.9
EPSS 0.01