Total
277614 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 26 Traffic Server, Mac Os X, Swiftnio and 23 more | 2025-01-14 | 7.5 High |
| Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | ||||
| CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 5.8 Medium |
| Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | ||||
| CVE-2021-26562 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 9 Critical |
| Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | ||||
| CVE-2021-26567 | 2 Faad2 Project, Synology | 8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more | 2025-01-14 | 7.8 High |
| Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. | ||||
| CVE-2021-26569 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 9.8 Critical |
| Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | ||||
| CVE-2021-29084 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 High |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2021-29086 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2022-27621 | 1 Synology | 2 Diskstation Manager, Usb Copy | 2025-01-14 | 5.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.4 High |
| Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | ||||
| CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | ||||
| CVE-2015-2809 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | ||||
| CVE-2015-4655 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | ||||
| CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
| CVE-2017-15894 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
| CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2025-01-14 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||