Synology Vulnerabilities: Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-10443 Command Injection vulnerability in Synology BeePhotos and Photos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
critical
9.8
2023-10-25 CVE-2023-5746 Use of Externally-Controlled Format String vulnerability in Synology BC500 Firmware and TC500 Firmware
A vulnerability regarding use of externally-controlled format string is found in the cgi component.
network
low complexity
synology CWE-134
critical
9.8
2023-05-16 CVE-2023-32956 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-05 CVE-2023-0077 Unspecified vulnerability in Synology Router Manager
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-03 CVE-2022-43931 Unspecified vulnerability in Synology VPN Plus Server 1.4.30534
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
critical
10.0
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology DiskStation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-20 CVE-2022-27624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology DiskStation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-10-20 CVE-2022-27625 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology DiskStation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-07-28 CVE-2022-27612 Classic Buffer Overflow vulnerability in Synology Audio Station
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-120
critical
9.8
2021-06-02 CVE-2021-29089 SQL Injection vulnerability in Synology Photo Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
synology CWE-89
critical
10.0