High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2022-22687	Classic Buffer Overflow vulnerability in Synology products Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. network low complexity synology CWE-120	7.5
2022-02-21	CVE-2021-44142	Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. network low complexity samba debian canonical synology fedoraproject redhat CWE-787	8.8
2022-02-07	CVE-2021-43925	SQL Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. network low complexity synology CWE-89	7.5
2022-02-07	CVE-2021-43926	SQL Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. network low complexity synology CWE-89	7.5
2022-02-07	CVE-2021-43927	SQL Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. network low complexity synology CWE-89	7.5
2021-06-23	CVE-2021-27649	Use After Free vulnerability in Synology products Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. network low complexity synology CWE-416	7.5
2021-06-01	CVE-2021-33180	SQL Injection vulnerability in Synology Media Server Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity synology CWE-89	7.5
2021-05-21	CVE-2021-31439	Out-of-bounds Write vulnerability in multiple products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. low complexity synology debian netatalk CWE-787	8.8
2021-03-12	CVE-2021-27647	Out-of-bounds Read vulnerability in Synology Diskstation Manager Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. network low complexity synology CWE-125	7.5
2021-03-12	CVE-2021-27646	Use After Free vulnerability in Synology Diskstation Manager Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. network low complexity synology CWE-416	7.5