Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2023-52950 Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.
high complexity
synology CWE-311
5.3
2024-01-24 CVE-2024-0854 Unspecified vulnerability in Synology Diskstation Manager
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
network
low complexity
synology
5.4
2023-11-07 CVE-2023-5748 Classic Buffer Overflow vulnerability in Synology SSL VPN Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
local
low complexity
synology CWE-120
5.5
2023-10-25 CVE-2023-5746 Use of Externally-Controlled Format String vulnerability in Synology Bc500 Firmware and Tc500 Firmware
A vulnerability regarding use of externally-controlled format string is found in the cgi component.
network
low complexity
synology CWE-134
critical
9.8
2023-08-31 CVE-2023-41738 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
8.8
2023-08-31 CVE-2023-41739 Unspecified vulnerability in Synology Router Manager
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
network
low complexity
synology
6.5
2023-08-31 CVE-2023-41740 Unspecified vulnerability in Synology Router Manager
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
network
low complexity
synology
5.3
2023-08-31 CVE-2023-41741 Unspecified vulnerability in Synology Router Manager
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology
7.5
2023-06-13 CVE-2023-2729 Unspecified vulnerability in Synology products
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
network
low complexity
synology
7.5
2023-06-13 CVE-2023-0142 Unspecified vulnerability in Synology products
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
network
low complexity
synology
8.1