Vulnerabilities > Synology > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-10-20 | CVE-2022-27626 | Race Condition vulnerability in Synology DiskStation Manager | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. | 8.1 |
2022-10-20 | CVE-2022-3576 | Out-of-bounds Read vulnerability in Synology DiskStation Manager | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | 7.5 |
2022-03-25 | CVE-2022-22687 | Classic Buffer Overflow vulnerability in Synology products | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2022-02-21 | CVE-2021-44142 | Out-of-bounds Write vulnerability in multiple products | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. | 8.8 |
2022-02-07 | CVE-2021-43925 | SQL Injection vulnerability in Synology DiskStation Manager | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 7.5 |
2022-02-07 | CVE-2021-43926 | SQL Injection vulnerability in Synology DiskStation Manager | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 7.5 |
2022-02-07 | CVE-2021-43927 | SQL Injection vulnerability in Synology DiskStation Manager | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 7.5 |
2021-06-23 | CVE-2021-27649 | Use After Free vulnerability in Synology products | Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2021-06-01 | CVE-2021-33180 | SQL Injection vulnerability in Synology Media Server | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2021-05-21 | CVE-2021-31439 | Out-of-bounds Write vulnerability in multiple products | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. | 8.8 |