Vulnerabilities > Synology > Media Server

DATE CVE VULNERABILITY TITLE RISK
2022-07-28 CVE-2022-22683 Unspecified vulnerability in Synology Media Server
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology
critical
9.8
2022-07-28 CVE-2022-27614 Unspecified vulnerability in Synology Media Server
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology
7.5
2021-06-18 CVE-2021-34808 Unspecified vulnerability in Synology Media Server
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
network
low complexity
synology
5.3
2021-06-01 CVE-2021-33180 Unspecified vulnerability in Synology Media Server
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
synology
critical
9.8
2018-05-10 CVE-2018-8914 SQL Injection vulnerability in Synology Media Server
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
network
low complexity
synology CWE-89
critical
9.8