60 matches found
PT-2022-18522 · Synology · Synology Calendar
Name of the Vulnerable Software and Affected Versions: Synology Calendar versions prior to 2.3.4-0631 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote...
PT-2022-18521 · Synology · Synology DiskStation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-3 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows remote authenticated...
CVE-2022-27618
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Synology Calendar Cross-Site Request Forgery Vulnerability
Synology Calendar, a file protection application running on Synology NAS devices from Synology, Taiwan, China, is vulnerable to cross-site request forgery in versions prior to Synology Calendar 2.3.4-0631, which stems from a webapi component that does not adequately validate that the request is...
PT-2022-18518 · Synology · Synology CardDAV Server
Name of the Vulnerable Software and Affected Versions: Synology CardDAV Server versions prior to 6.0.10-0153 Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing remote authenticated users to inject SQL commands via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in DiskStation Manager. The vulnerability is located in the webapi component of DiskStation Manager. An authenticated malicious party can perform a path traversal attack that results in the following categories of damage: Denial-of-Service (DoS). Manipulation of...
Synology DiskStation Manager Path Traversal Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. The operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager (DSM), whi...
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors...
CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Synology DiskStation Manager Information Disclosure Vulnerability (CNVD-2021-45741)
DiskStation Manager (DSM) is an operating system that runs on all Synology NAS and can be operated through an intuitive web interface. An information disclosure vulnerability exists in the webapi component of Synology DiskStation Manager prior to version 6.2.3-25426-3. A remote attacker can exploit...
Synology DiskStation Manager Path Traversal Vulnerability
DiskStation Manager (DSM) is an operating system that runs on all Synology NAS and can be operated through an intuitive web interface. A path traversal vulnerability exists in the webapi component in Synology DiskStation Manager versions prior to 6.2.3-25426-3. A remote attacker can exploit the...
Synology Video Station Server-Side Request Forgery Vulnerability
Synology Video Station is a video management center. It can manage all movies, TV shows and home videos on Synology NAS. A server-side request forgery vulnerability exists in the Synology Video Station webapi component before 2.4.10-1632, which can be exploited by a remote authenticated attacker ...
CVE-2021-33181
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary requests to intranet resources via unspecified vectors...
CVE-2021-33181
CVE-2021-33181 refers to a Server-Side Request Forgery in the Synology Video Station webapi component prior to version 2.4.10-1632. The vulnerability enables remote authenticated attackers to issue arbitrary requests to internal/intranet resources via unspecified vectors. Documents consistently i...