Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-20 | CVE-2022-3576 | Out-of-bounds Read vulnerability in Synology Diskstation Manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | 7.5 |
| 2022-08-03 | CVE-2022-27621 | Path Traversal vulnerability in Synology USB Copy Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 3.8 |
| 2022-08-03 | CVE-2022-27617 | Path Traversal vulnerability in Synology Calendar Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | 4.3 |
| 2022-08-03 | CVE-2022-27618 | Path Traversal vulnerability in Synology Storage Analyzer Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 6.5 |
| 2022-08-03 | CVE-2022-27619 | Unspecified vulnerability in Synology Note Station Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 5.9 |
| 2022-08-03 | CVE-2022-27620 | Path Traversal vulnerability in Synology SSO Server 2.1.30129 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.9 |
| 2022-08-03 | CVE-2022-27616 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 7.2 |
| 2022-07-28 | CVE-2022-27611 | Unspecified vulnerability in Synology Audio Station Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 8.1 |
| 2022-07-28 | CVE-2022-22683 | Classic Buffer Overflow vulnerability in Synology Media Server Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2022-07-28 | CVE-2022-22684 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 8.8 |