Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-43748 Path Traversal vulnerability in Synology Presto File Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
7.5
2022-10-26 CVE-2022-43749 Improper Privilege Management vulnerability in Synology Presto File Server
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
network
low complexity
synology CWE-269
8.8
2022-10-25 CVE-2022-27622 Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
4.3
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-20 CVE-2022-27624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-10-20 CVE-2022-27625 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-10-20 CVE-2022-27626 Race Condition vulnerability in Synology Diskstation Manager
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management.
network
high complexity
synology CWE-362
8.1
2022-10-20 CVE-2022-3576 Out-of-bounds Read vulnerability in Synology Diskstation Manager
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-125
7.5
2022-07-12 CVE-2022-22682 Cross-site Scripting vulnerability in Synology Calendar
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
synology CWE-79
3.5
2022-07-06 CVE-2022-22681 Session Fixation vulnerability in Synology Photo Station
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
network
low complexity
synology CWE-384
5.0