Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2025-05-16 CVE-2025-4679 Insufficiently Protected Credentials vulnerability in Synology Active Backup for Microsoft 365
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology CWE-522
6.5
6.5
2024-12-04 CVE-2023-52943 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
4.3
2024-12-04 CVE-2023-52944 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
4.3
2024-11-15 CVE-2024-10443 Command Injection vulnerability in Synology Beephotos and Photos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
critical
 9.8
9.8
2024-09-26 CVE-2022-49037 Information Exposure Through Log Files vulnerability in Synology Drive Client
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
synology CWE-532
6.5
6.5
2024-09-26 CVE-2022-49038 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-829
7.8
7.8
2024-09-26 CVE-2022-49039 Out-of-bounds Write vulnerability in Synology Drive Client
Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.
local
low complexity
synology CWE-787
6.7
6.7
2024-09-26 CVE-2022-49040 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
local
low complexity
synology CWE-120
4.4
4.4
2024-09-26 CVE-2022-49041 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
local
low complexity
synology CWE-120
4.4
4.4
2024-09-26 CVE-2023-52946 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.
network
low complexity
synology CWE-120
8.2
8.2