Vulnerabilities > Synology > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-10443 Command Injection vulnerability in Synology Beephotos and Photos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
critical
9.8
2023-10-25 CVE-2023-5746 Use of Externally-Controlled Format String vulnerability in Synology Bc500 Firmware and Tc500 Firmware
A vulnerability regarding use of externally-controlled format string is found in the cgi component.
network
low complexity
synology CWE-134
critical
9.8
2023-05-16 CVE-2023-32956 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-05 CVE-2023-0077 Unspecified vulnerability in Synology Router Manager
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
network
low complexity
synology
critical
9.8
2023-01-03 CVE-2022-43931 Unspecified vulnerability in Synology VPN Plus Server 1.4.30534
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
critical
10.0
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-20 CVE-2022-27624 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.
network
low complexity
synology
critical
9.8
2022-10-20 CVE-2022-27625 Unspecified vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology
critical
9.8
2022-07-28 CVE-2022-22683 Unspecified vulnerability in Synology Media Server
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology
critical
9.8
2022-07-28 CVE-2022-27612 Classic Buffer Overflow vulnerability in Synology Audio Station
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-120
critical
9.8