Synology - Diskstation Manager CVE

Filtered by vendor Synology Subscriptions

Filtered by product Diskstation Manager Subscriptions

Total 94 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-3156	9 Beyondtrust, Debian, Fedoraproject and 6 more	38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more	2024-09-19	7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2022-27625	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2024-09-17	10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2021-26562	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2024-09-17	9 Critical
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2017-16766	1 Synology	1 Diskstation Manager	2024-09-17	N/A
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2021-26569	1 Synology	1 Diskstation Manager	2024-09-17	9.8 Critical
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2022-27614	1 Synology	3 Diskstation Manager, Media Server, Router Manager	2024-09-17	5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-29086	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2024-09-17	5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-26566	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2024-09-17	8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2021-43925	1 Synology	1 Diskstation Manager	2024-09-17	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2022-27624	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2024-09-17	10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2021-29083	1 Synology	1 Diskstation Manager	2024-09-17	7.2 High
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
CVE-2022-22679	1 Synology	1 Diskstation Manager	2024-09-17	6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.
CVE-2022-27622	1 Synology	1 Diskstation Manager	2024-09-17	4.1 Medium
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2018-13293	1 Synology	1 Diskstation Manager	2024-09-17	N/A
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVE-2017-12076	1 Synology	1 Diskstation Manager	2024-09-17	N/A
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2022-27623	1 Synology	1 Diskstation Manager	2024-09-17	7.4 High
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
CVE-2022-27621	1 Synology	2 Diskstation Manager, Usb Copy	2024-09-17	5.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
CVE-2021-26560	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2024-09-17	9 Critical
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26565	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2024-09-17	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
CVE-2022-22688	1 Synology	1 Diskstation Manager	2024-09-17	8.8 High
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

Page 1 of 5. next last »