Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2021-06-23 CVE-2021-27649 USE After Free vulnerability in Synology products
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-416
7.5
2021-06-23 CVE-2021-29084 Injection vulnerability in Synology products
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-74
5.0
2021-06-23 CVE-2021-29085 Injection vulnerability in Synology products
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-74
5.0
2021-06-23 CVE-2021-29086 Information Exposure vulnerability in Synology products
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology CWE-200
5.0
2021-06-23 CVE-2021-29087 Path Traversal vulnerability in Synology products
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
5.0
2021-06-18 CVE-2021-34808 Server-Side Request Forgery (SSRF) vulnerability in Synology Media Server
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
5.0
2021-06-18 CVE-2021-34809 Command Injection vulnerability in Synology Download Station
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
6.5
2021-06-18 CVE-2021-34810 Improper Privilege Management vulnerability in Synology Download Station
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-269
6.5
2021-06-18 CVE-2021-34811 Server-Side Request Forgery (SSRF) vulnerability in Synology Download Station
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
4.0
2021-06-18 CVE-2021-34812 USE of Hard-Coded Credentials vulnerability in Synology Calendar
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology CWE-798
5.0