Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32955 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.
network
high complexity
synology
8.1
2023-05-16 CVE-2023-32956 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-05 CVE-2022-43932 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2023-01-05 CVE-2023-0077 Unspecified vulnerability in Synology Router Manager
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-03 CVE-2022-43931 Unspecified vulnerability in Synology VPN Plus Server 1.4.30534
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
critical
10.0
2022-10-26 CVE-2022-43748 Unspecified vulnerability in Synology Presto File Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2022-10-26 CVE-2022-43749 Unspecified vulnerability in Synology Presto File Server
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
network
low complexity
synology
8.8
2022-10-25 CVE-2022-27622 Unspecified vulnerability in Synology Diskstation Manager
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
network
low complexity
synology
4.3
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-20 CVE-2022-27624 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.
network
low complexity
synology
critical
9.8