Search Results (351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2729 1 Synology 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager 2025-01-14 5.9 Medium
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
CVE-2019-14907 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-01-14 6.5 Medium
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2019-19344 4 Canonical, Opensuse, Samba and 1 more 7 Ubuntu Linux, Leap, Samba and 4 more 2025-01-14 6.5 Medium
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
CVE-2021-26560 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 9 Critical
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2023-5748 1 Synology 1 Ssl Vpn Client 2024-11-21 3.3 Low
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-5746 1 Synology 4 Bc500, Bc500 Firmware, Tc500 and 1 more 2024-11-21 9.8 Critical
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
CVE-2023-41741 1 Synology 1 Router Manager 2024-11-21 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2023-41740 1 Synology 1 Router Manager 2024-11-21 5.3 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
CVE-2023-41739 1 Synology 1 Router Manager 2024-11-21 4.9 Medium
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41738 1 Synology 1 Router Manager 2024-11-21 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-27619 1 Synology 1 Note Station 2024-11-21 6.8 Medium
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2022-27615 1 Synology 1 Dns Server 2024-11-21 7.7 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-27613 1 Synology 1 Carddav Server 2024-11-21 8.3 High
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2022-27612 1 Synology 1 Audio Station 2024-11-21 7.3 High
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-27611 1 Synology 1 Audio Station 2024-11-21 5.4 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-27610 1 Synology 1 Diskstation Manager 2024-11-21 6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-22686 1 Synology 1 Calendar 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
CVE-2022-22685 1 Synology 1 Webdav Server 2024-11-21 8.7 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-22682 1 Synology 1 Calendar 2024-11-21 6.5 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2022-22681 1 Synology 1 Photo Station 2024-11-21 8.1 High
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.