Vulnerabilities > Synology > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32955 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.
network
high complexity
synology
8.1
2023-01-05 CVE-2022-43932 Unspecified vulnerability in Synology Router Manager
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2022-10-26 CVE-2022-43748 Unspecified vulnerability in Synology Presto File Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
network
low complexity
synology
7.5
2022-10-26 CVE-2022-43749 Unspecified vulnerability in Synology Presto File Server
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
network
low complexity
synology
8.8
2022-10-20 CVE-2022-27626 Race Condition vulnerability in Synology DiskStation Manager
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management.
network
high complexity
synology CWE-362
8.1
2022-10-20 CVE-2022-3576 Out-of-bounds Read vulnerability in Synology DiskStation Manager
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-125
7.5
2022-08-03 CVE-2022-27616 OS Command Injection vulnerability in Synology DiskStation Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-78
7.2
2022-07-28 CVE-2022-27611 Unspecified vulnerability in Synology Audio Station
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1
2022-07-28 CVE-2022-22684 OS Command Injection vulnerability in Synology DiskStation Manager
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-78
8.8
2022-07-28 CVE-2022-22685 Unspecified vulnerability in Synology WebDAV Server
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
network
low complexity
synology
8.1