synology

329 tracked vulnerabilities.

CVE-2022-27619 MEDIUM
Synology Note Station < 2.2.2-609 - Cleartext Transmission of Sensitive Information in Authentication Management
Aug 03, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-27618 MEDIUM
Synology Storage Analyzer < 2.1.0-0390 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component
Aug 03, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-27617 MEDIUM
Synology Calendar < 2.3.4-0631 - Authenticated Path Traversal via WebAPI Component
Aug 03, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-27616 HIGH
Synology DiskStation Manager 6.2-6.2.4-25556-5 - Authenticated OS Command Injection in WebAPI Component
Aug 03, 2022
CVSS 7.2
EPSS 0.02
CVE-2022-27611 MEDIUM
Synology Audio Station < 6.5.4-3367 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component
Jul 28, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-27614 MEDIUM
Synology Media Server < 1.8.1-2876 - Exposure of Sensitive Information via Web Server
Jul 28, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-27613 HIGH
Synology CardDAV Server < 6.0.10-0153 - Authenticated SQL Injection in WebAPI Component
Jul 28, 2022
CVSS 8.3
EPSS 0.01
CVE-2022-27612 HIGH
Synology Audio Station < 6.5.4-3367 - Remote Code Execution via Buffer Overflow in CGI Component
Jul 28, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-22685 HIGH
Synology WebDAV Server < 2.4.0-0062 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component
Jul 28, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-22684 HIGH
Synology DiskStation Manager < 6.2.4-25553 - Authenticated OS Command Injection in Task Management Component
Jul 28, 2022
CVSS 7.2
EPSS 0.02
CVE-2022-22683 CRITICAL
Synology Media Server < 1.8.1-2876 - Remote Code Execution via Buffer Overflow in CGI Component
Jul 28, 2022
CVSS 10.0
EPSS 0.02
CVE-2022-27615 HIGH
Synology DNS Server < 2.2.2-5027 - Authenticated Path Traversal and Arbitrary File Deletion via CGI Component
Jul 28, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-27610 MEDIUM
Synology DiskStation Manager 6.2-6.2.3-25423 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI
Jul 27, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-22686 MEDIUM
Synology Calendar < 2.3.4-0631 - Authenticated Cross-Site Request Forgery in WebAPI Component
Jul 26, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22682 MEDIUM
Synology Calendar < 2.4.5-10930 - Authenticated Stored Cross-Site Scripting in Event Management
Jul 12, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22681 HIGH
Synology Photo Station <6.8.16-3506 - Auth Bypass
Jul 06, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-22688 HIGH
Synology DiskStation Manager 6.2-6.2.4-25556-1 and 7.0-7.0.1-42213 - Authenticated Command Injection in File Service
Mar 25, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-22687 CRITICAL
Synology DiskStation Manager < 6.2.3-25426-3 - Remote Code Execution via Authentication Buffer Overflow
Mar 25, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-22679 MEDIUM
Synology DiskStation Manager 6.2-6.2.4-25556-3 - Authenticated Path Traversal and Arbitrary File Write
Feb 07, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22680 MEDIUM
Synology DiskStation Manager 6.2-6.2.4-25556-3 - Exposure of Sensitive Information via Web Server
Feb 07, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-47961 HIGH
Synology SSL VPN Client <1.4.5-0684 - Info Disclosure
Apr 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2021-47960 MEDIUM
Synology SSL VPN Client < 1.4.5-0684 - Information Disclosure via Local HTTP Server
Apr 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2021-44142 HIGH
Samba < 4.13.17 - Out-of-bounds Read and Write via Extended File Attributes
Feb 21, 2022
CVSS 8.8
EPSS 0.36
CVE-2021-43929 MEDIUM
Synology DSM <7.0.1-42218-2 - Command Injection
Feb 07, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-43928 CRITICAL
Synology Mail Station <20211105-10315 - Command Injection
Feb 07, 2022
CVSS 9.9
EPSS 0.01
Products
diskstation_manager 96 router_manager 59 photo_station 33 vs960hd_firmware 22 diskstation_manager_unified_controller 20 surveillance_station 19 skynas 16 Synology Photo Station 13 skynas_firmware 13 calendar 11 bc500_firmware 9 tc500_firmware 9 download_station 8 active_backup_for_business_agent 7 drive_client 6 drive_server 6 media_server 6 video_station 6 dns_server 5 note_station 5 Photo Station 4 audio_station 4 beedrive 4 directory_server 4 radius_server 4 beestation_os 3 carddav_server 3 chat 3 file_station 3 mailplus_server 3
Quick Filters
Critical CVEs With Exploits In CISA KEV