Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) prior to 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Diskstation Manager
9.1
CVSSv3
CVE-2022-27623
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) prior to 7.1-42661 allows remote malicious users to read or write arbitrary files via unspecified vectors.
Synology Diskstation Manager
7.5
CVSSv3
CVE-2022-22680
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
4.3
CVSSv3
CVE-2021-33182
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2015-2809
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) prior to 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote malicious users to cause a denial of service (traffic amplification) or obtain potent...
Synology Diskstation Manager
3.7
CVSSv3
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to eavesdrop authentication information of DNSExit via unspecified vectors.
Synology Diskstation Manager
7.5
CVSSv3
CVE-2017-9553
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) prior to 6.1.3-15152 allows remote malicious users to bypass the encryption protection mechanism via the crafted version parameter.
Synology Diskstation Manager
5.3
CVSSv3
CVE-2017-9554
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) prior to 6.1.3-15152 allows remote malicious users to enumerate valid usernames via unspecified vectors.
Synology Diskstation Manager
1 EDB exploit
2 Github repositories
9.8
CVSSv3
CVE-2021-43927
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vect...
Synology Diskstation Manager
5.4
CVSSv3
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML...
Synology Diskstation Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »