Filtered by vendor Synology
Subscriptions
Total
321 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 8.8 High |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2022-22687 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 9.8 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | 10 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-26560 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 9 Critical |
| Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | ||||
| CVE-2022-27616 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2021-29085 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 8.6 High |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2021-29086 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2021-29083 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | ||||
| CVE-2021-29087 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2023-2729 | 1 Synology | 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager | 2025-01-14 | 5.9 Medium |
| Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | ||||
| CVE-2022-27617 | 1 Synology | 2 Calendar, Diskstation Manager | 2025-01-14 | 5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | ||||
| CVE-2022-27618 | 1 Synology | 2 Diskstation Manager, Storage Analyzer | 2025-01-14 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
| CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
| CVE-2023-5748 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | 3.3 Low |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2023-5746 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2024-11-21 | 9.8 Critical |
| A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. | ||||
| CVE-2023-41741 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2023-41740 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.3 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. | ||||
| CVE-2023-41739 | 1 Synology | 1 Router Manager | 2024-11-21 | 4.9 Medium |
| Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2023-41738 | 1 Synology | 1 Router Manager | 2024-11-21 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||