Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2022-08-03 CVE-2022-27618 Path Traversal vulnerability in Synology Storage Analyzer
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
6.5
6.5
2022-08-03 CVE-2022-27619 Unspecified vulnerability in Synology Note Station
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
high complexity
synology
5.9
5.9
2022-08-03 CVE-2022-27620 Path Traversal vulnerability in Synology SSO Server 2.1.30129
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
4.9
4.9
2022-08-03 CVE-2022-27616 OS Command Injection vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-78
7.2
7.2
2022-07-28 CVE-2022-27611 Unspecified vulnerability in Synology Audio Station
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1
8.1
2022-07-28 CVE-2022-22683 Classic Buffer Overflow vulnerability in Synology Media Server
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-120
critical
 9.8
9.8
2022-07-28 CVE-2022-22684 OS Command Injection vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-78
8.8
8.8
2022-07-28 CVE-2022-22685 Unspecified vulnerability in Synology Webdav Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1
8.1
2022-07-28 CVE-2022-27612 Classic Buffer Overflow vulnerability in Synology Audio Station
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-120
critical
 9.8
9.8
2022-07-28 CVE-2022-27613 Unspecified vulnerability in Synology Carddav Server
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8