Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
Synology Diskstation Manager
7.8
CVSSv3
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
9.8
CVSSv3
CVE-2021-43927
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vect...
Synology Diskstation Manager
5.4
CVSSv3
CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Synology Diskstation Manager
9.8
CVSSv3
CVE-2018-8919
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) prior to 6.1.6-15266 allows remote malicious users to steal credentials via unspecified vectors.
Synology Diskstation Manager
7.5
CVSSv3
CVE-2022-22680
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
8.8
CVSSv3
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecifi...
Synology Diskstation Manager
8.8
CVSSv3
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) prior to 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified v...
Synology Diskstation Manager
8.8
CVSSv3
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) prior to 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
Synology Diskstation Manager
7.5
CVSSv3
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote malicious users to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) ...
Synology Diskstation Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »