Search Results (351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-8919 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
CVE-2021-29085 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 8.6 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2020-27652 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2025-01-14 8.3 High
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27656 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2025-01-14 5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2022-27618 1 Synology 2 Diskstation Manager, Storage Analyzer 2025-01-14 6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2017-12075 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2021-31439 3 Debian, Netatalk, Synology 3 Debian Linux, Netatalk, Diskstation Manager 2025-01-14 8.8 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
CVE-2021-26564 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-27647 1 Synology 1 Diskstation Manager 2025-01-14 9.8 Critical
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-29084 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 7.5 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2022-27620 1 Synology 2 Diskstation Manager, Sso Server 2025-01-14 6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2022-27614 1 Synology 3 Diskstation Manager, Media Server, Router Manager 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2022-22687 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22684 1 Synology 1 Diskstation Manager 2025-01-14 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2019-3870 3 Fedoraproject, Samba, Synology 9 Fedora, Samba, Directory Server and 6 more 2025-01-14 6.1 Medium
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
CVE-2021-29087 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2018-7184 5 Canonical, Netapp, Ntp and 2 more 10 Ubuntu Linux, Cloud Backup, Steelstore Cloud Integrated Storage and 7 more 2025-01-14 N/A
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
CVE-2020-27648 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2025-01-14 8.3 High
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2021-29088 1 Synology 1 Diskstation Manager 2025-01-14 7.8 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.