Vulnerabilities > Synology
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-10-26 | CVE-2022-43748 | Unspecified vulnerability in Synology Presto File Server | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | 7.5 |
2022-10-26 | CVE-2022-43749 | Unspecified vulnerability in Synology Presto File Server | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | 8.8 |
2022-10-25 | CVE-2022-27622 | Server-Side Request Forgery (SSRF) vulnerability in Synology DiskStation Manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | 4.3 |
2022-10-25 | CVE-2022-27623 | Missing Authentication for Critical Function vulnerability in Synology DiskStation Manager | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | 9.1 |
2022-10-20 | CVE-2022-27624 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology DiskStation Manager | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. | 9.8 |
2022-10-20 | CVE-2022-27625 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology DiskStation Manager | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. | 9.8 |
2022-10-20 | CVE-2022-27626 | Race Condition vulnerability in Synology DiskStation Manager | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. | 8.1 |
2022-10-20 | CVE-2022-3576 | Out-of-bounds Read vulnerability in Synology DiskStation Manager | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | 7.5 |
2022-08-03 | CVE-2022-27621 | Path Traversal vulnerability in Synology USB Copy | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 3.8 |
2022-08-03 | CVE-2022-27617 | Path Traversal vulnerability in Synology Calendar | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | 4.3 |