CVE-2022-27610
- EPSS 1.32%
- Published 27.07.2022 08:15:07
- Last modified 21.11.2024 06:56:01
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vect...
CVE-2022-22688
- EPSS 2.4%
- Published 25.03.2022 07:15:07
- Last modified 14.01.2025 19:29:55
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands...
- EPSS 28.45%
- Published 21.02.2022 15:15:07
- Last modified 23.04.2025 19:15:51
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fru...
CVE-2017-16766
- EPSS 0.58%
- Published 22.12.2017 14:29:13
- Last modified 20.04.2025 01:37:25
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2012-1556
- EPSS 0.77%
- Published 12.09.2014 14:55:06
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.