Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-27625 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology
critical
9.8
2022-10-20 CVE-2022-27626 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management.
network
high complexity
synology
8.1
2022-10-20 CVE-2022-3576 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology
7.5
2022-08-03 CVE-2022-27621 Unspecified vulnerability in Synology USB Copy
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
network
low complexity
synology
3.8
2022-08-03 CVE-2022-27617 Unspecified vulnerability in Synology Calendar
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
network
low complexity
synology
4.3
2022-08-03 CVE-2022-27618 Unspecified vulnerability in Synology Storage Analyzer
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
6.5
2022-08-03 CVE-2022-27619 Unspecified vulnerability in Synology Note Station
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
high complexity
synology
5.9
2022-08-03 CVE-2022-27620 Path Traversal vulnerability in Synology SSO Server 2.1.30129
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
4.9
2022-08-03 CVE-2022-27616 Unspecified vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
7.2
2022-07-28 CVE-2022-27611 Unspecified vulnerability in Synology Audio Station
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1