Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Synology Diskstation Manager
5
CVSSv2
CVE-2018-8919
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to steal credentials via unspecified vectors.
Synology Diskstation Manager
6.5
CVSSv2
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
Synology Diskstation Manager
7.5
CVSSv2
CVE-2021-43925
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vectors.
Synology Diskstation Manager
7.5
CVSSv2
CVE-2021-43926
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vectors.
Synology Diskstation Manager
4
CVSSv2
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML...
Synology Diskstation Manager
9
CVSSv2
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
Synology Diskstation Manager
4.6
CVSSv2
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecifi...
Synology Diskstation Manager
6.5
CVSSv2
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified v...
Synology Diskstation Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »