Diskstation Manager Unified Controller CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (21 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-10442	2 Syncology, Synology	5 Replication Service, Diskstation Manager, Diskstation Manager Unified Controller and 2 more	2026-01-16	10 Critical
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
CVE-2024-45538	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-45539	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	7.5 High
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
CVE-2024-5401	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	4.3 Medium
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
CVE-2021-3156	9 Beyondtrust, Debian, Fedoraproject and 6 more	38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more	2025-11-10	7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-26560	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26564	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26566	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2021-29086	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2023-2729	1 Synology	3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager	2025-01-14	5.9 Medium
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
CVE-2022-22687	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-26562	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26567	2 Faad2 Project, Synology	8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more	2025-01-14	7.8 High
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
CVE-2021-29087	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-26561	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-27649	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-26565	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
CVE-2021-26563	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-29084	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	7.5 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29085	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	8.6 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

Page 1 of 2. next last »