Vulnerabilities > Synology
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-20 | CVE-2022-27625 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. | 9.8 |
2022-10-20 | CVE-2022-27626 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. | 8.1 |
2022-10-20 | CVE-2022-3576 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | 7.5 |
2022-08-03 | CVE-2022-27621 | Unspecified vulnerability in Synology USB Copy Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 3.8 |
2022-08-03 | CVE-2022-27617 | Unspecified vulnerability in Synology Calendar Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | 4.3 |
2022-08-03 | CVE-2022-27618 | Unspecified vulnerability in Synology Storage Analyzer Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 6.5 |
2022-08-03 | CVE-2022-27619 | Unspecified vulnerability in Synology Note Station Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 5.9 |
2022-08-03 | CVE-2022-27620 | Path Traversal vulnerability in Synology SSO Server 2.1.30129 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.9 |
2022-08-03 | CVE-2022-27616 | Unspecified vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 7.2 |
2022-07-28 | CVE-2022-27611 | Unspecified vulnerability in Synology Audio Station Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 8.1 |