Vulnerabilities > Synology > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-31 | CVE-2023-41740 | Unspecified vulnerability in Synology Router Manager | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. | network | low | synology | | 5.3 |
| 2022-10-25 | CVE-2022-27622 | Unspecified vulnerability in Synology Diskstation Manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | network | low | synology | | 4.3 |
| 2022-08-03 | CVE-2022-27617 | Unspecified vulnerability in Synology Calendar | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | network | low | synology | | 4.3 |
| 2022-08-03 | CVE-2022-27618 | Unspecified vulnerability in Synology Storage Analyzer | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | network | low | synology | | 6.5 |
| 2022-08-03 | CVE-2022-27619 | Unspecified vulnerability in Synology Note Station | Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | network | high | synology | | 5.9 |
| 2022-08-03 | CVE-2022-27620 | Path Traversal vulnerability in Synology SSO Server 2.1.30129 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | network | low | synology | CWE-22 | 4.9 |
| 2022-07-12 | CVE-2022-22682 | Unspecified vulnerability in Synology Calendar | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | network | low | synology | | 5.4 |
| 2022-02-07 | CVE-2021-43929 | Cross-site Scripting vulnerability in Synology Diskstation Manager | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | network | low | synology | CWE-79 | 5.4 |
| 2022-02-07 | CVE-2022-22679 | Path Traversal vulnerability in Synology Diskstation Manager | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | network | low | synology | CWE-22 | 4.9 |
| 2021-06-18 | CVE-2021-34808 | Unspecified vulnerability in Synology Media Server | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | network | low | synology | | 5.3 |