Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
356
VMScore
CVE-2021-33182
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
Synology Diskstation Manager
383
VMScore
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to eavesdrop authentication information of DNSExit via unspecified vectors.
Synology Diskstation Manager
383
VMScore
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows man-in-the-middle malicious users to compromise non-HTTPS sessions via unspecified vectors.
Synology Diskstation Manager
312
VMScore
CVE-2018-13293
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) prior to 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
Synology Diskstation Manager
356
VMScore
CVE-2018-8916
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows remote authenticated users to reset password without verification.
Synology Diskstation Manager
578
VMScore
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
Synology Diskstation Manager
578
VMScore
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) prior to 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
Synology Diskstation Manager
356
VMScore
CVE-2017-15894
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x prior to 6.0.3-8754-3 and prior to 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology Diskstation Manager
383
VMScore
CVE-2015-4655
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) prior to 5.2-5565 Update 1 allows remote malicious users to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
Synology Diskstation Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »