Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-03	CVE-2022-27619	Unspecified vulnerability in Synology Note Station Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. network high complexity synology	5.9
2022-08-03	CVE-2022-27620	Path Traversal vulnerability in Synology SSO Server 2.1.30129 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. network low complexity synology CWE-22	4.9
2022-07-12	CVE-2022-22682	Unspecified vulnerability in Synology Calendar Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. network low complexity synology	5.4
2022-02-07	CVE-2021-43929	Cross-site Scripting vulnerability in Synology Diskstation Manager Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. network low complexity synology CWE-79	5.4
2022-02-07	CVE-2022-22679	Path Traversal vulnerability in Synology Diskstation Manager Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. network low complexity synology CWE-22	4.9
2021-06-18	CVE-2021-34808	Unspecified vulnerability in Synology Media Server Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. network low complexity synology	5.3
2021-06-18	CVE-2021-34811	Unspecified vulnerability in Synology Download Station Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. network low complexity synology	4.3
2021-06-02	CVE-2021-29091	Unspecified vulnerability in Synology Photo Station Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. network low complexity synology	6.5
2021-06-01	CVE-2021-33182	Path Traversal vulnerability in Synology Diskstation Manager Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. network low complexity synology CWE-22	4.3
2021-02-26	CVE-2021-26565	Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. network high complexity synology CWE-319	5.9