Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Synology Subscribe
Filtered by product Diskstation Manager
Total 94 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26560 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 5.8 MEDIUM 7.4 HIGH
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 4.6 MEDIUM 6.7 MEDIUM
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26564 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 5.8 MEDIUM 8.7 HIGH
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26561 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 6.8 MEDIUM 8.1 HIGH
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2022-22688 1 Synology 1 Diskstation Manager 2022-03-30 6.5 MEDIUM 8.8 HIGH
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-22687 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2022-03-30 7.5 HIGH 9.8 CRITICAL
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22679 1 Synology 1 Diskstation Manager 2022-02-10 4.0 MEDIUM 4.9 MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.
CVE-2021-43927 1 Synology 1 Diskstation Manager 2022-02-10 7.5 HIGH 9.8 CRITICAL
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43926 1 Synology 1 Diskstation Manager 2022-02-10 7.5 HIGH 9.8 CRITICAL
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43925 1 Synology 1 Diskstation Manager 2022-02-10 7.5 HIGH 9.8 CRITICAL
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2022-22680 1 Synology 1 Diskstation Manager 2022-02-10 5.0 MEDIUM 7.5 HIGH
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-5753 13 Arm, Canonical, Debian and 10 more 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more 2021-11-23 4.7 MEDIUM 5.6 MEDIUM
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2021-29084 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2021-06-29 5.0 MEDIUM 7.5 HIGH
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-27649 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2021-06-29 7.5 HIGH 9.8 CRITICAL
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29085 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2021-06-29 5.0 MEDIUM 7.5 HIGH
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29087 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2021-06-29 5.0 MEDIUM 7.5 HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-29086 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2021-06-29 5.0 MEDIUM 7.5 HIGH
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-33182 1 Synology 1 Diskstation Manager 2021-06-09 4.0 MEDIUM 4.3 MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
CVE-2021-29088 1 Synology 1 Diskstation Manager 2021-06-09 4.6 MEDIUM 7.8 HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2018-8920 1 Synology 1 Diskstation Manager 2021-05-12 6.5 MEDIUM 7.2 HIGH
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.