Filtered by vendor Synology
Subscribe
Total
297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27649 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-27647 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | |||||
| CVE-2023-5748 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A | 3.3 LOW |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. | |||||
| CVE-2023-5746 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. | |||||
| CVE-2023-41741 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2023-41740 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. | |||||
| CVE-2023-41739 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 4.9 MEDIUM |
| Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | |||||
| CVE-2023-41738 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2023-32956 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2023-32955 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 8.1 HIGH |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2023-0077 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. | |||||
| CVE-2022-43932 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | 7.5 HIGH |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2022-43931 | 1 Synology | 2 Router Manager, Vpn Plus Server | 2024-11-21 | N/A | 10.0 CRITICAL |
| Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-43749 | 1 Synology | 1 Presto File Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | |||||
| CVE-2022-43748 | 1 Synology | 1 Presto File Server | 2024-11-21 | N/A | 5.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
| CVE-2022-27619 | 1 Synology | 1 Note Station | 2024-11-21 | N/A | 6.8 MEDIUM |
| Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-27615 | 1 Synology | 1 Dns Server | 2024-11-21 | N/A | 7.7 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A | 8.3 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2022-27612 | 1 Synology | 1 Audio Station | 2024-11-21 | N/A | 7.3 HIGH |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-27611 | 1 Synology | 1 Audio Station | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||