• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-22689
2022-02-10
N/A
8.8 HIGH
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
CVE-2022-22688
2022-03-30
N/A
8.8 HIGH
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-22687
2022-03-30
N/A
9.8 CRITICAL
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22686
Calendar, Synology
Skynas_firmware, Skynas, Vs960hd_firmware, Vs960hd, Active_directory_server, Antivirus_essential, Application_service, Assistant, Audio_station, Calendar
2022-08-01
N/A
8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
CVE-2022-22685
2022-08-03
N/A
8.1 HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-22684
2022-08-03
N/A
8.8 HIGH
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-22683
2022-08-03
N/A
9.8 CRITICAL
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22682
Calendar, Synology
Skynas_firmware, Skynas, Vs960hd_firmware, Vs960hd, Active_directory_server, Antivirus_essential, Application_service, Assistant, Audio_station, Calendar
2022-07-15
N/A
5.4 MEDIUM
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2022-22681
2022-07-14
N/A
7.5 HIGH
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVE-2022-22680
2022-02-10
N/A
7.5 HIGH
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.
« Previous 1 … 10,650 10,651 10,652 10,653 10,654 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE