Vulnerabilities > Synology > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2022-49038 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-829
7.8
2024-09-26 CVE-2023-52946 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.
network
low complexity
synology CWE-120
8.2
2023-08-31 CVE-2023-41738 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology
8.8
2023-08-31 CVE-2023-41741 Unspecified vulnerability in Synology Router Manager
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
synology
7.5
2023-06-13 CVE-2023-2729 Unspecified vulnerability in Synology products
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
network
low complexity
synology
7.5
2023-06-13 CVE-2023-0142 Unspecified vulnerability in Synology products
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
network
low complexity
synology
8.1
2023-05-16 CVE-2023-32955 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.
network
high complexity
synology
8.1
2023-01-05 CVE-2022-43932 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2022-10-26 CVE-2022-43748 Unspecified vulnerability in Synology Presto File Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2022-10-26 CVE-2022-43749 Unspecified vulnerability in Synology Presto File Server
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
network
low complexity
synology
8.8