Vulnerabilities > Synology > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2022-49037 Information Exposure Through Log Files vulnerability in Synology Drive Client
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
synology CWE-532
6.5
2024-09-26 CVE-2022-49039 Out-of-bounds Write vulnerability in Synology Drive Client
Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.
local
low complexity
synology CWE-787
6.7
2024-09-26 CVE-2022-49040 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
local
low complexity
synology CWE-120
4.4
2024-09-26 CVE-2022-49041 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
local
low complexity
synology CWE-120
4.4
2024-09-26 CVE-2023-52948 Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-311
5.0
2024-09-26 CVE-2023-52949 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-306
5.5
2024-09-26 CVE-2023-52950 Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.
high complexity
synology CWE-311
5.3
2024-01-24 CVE-2024-0854 Unspecified vulnerability in Synology Diskstation Manager
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
network
low complexity
synology
5.4
2023-11-07 CVE-2023-5748 Classic Buffer Overflow vulnerability in Synology SSL VPN Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
local
low complexity
synology CWE-120
5.5
2023-08-31 CVE-2023-41739 Unspecified vulnerability in Synology Router Manager
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
network
low complexity
synology
6.5