Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2012-1556
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote malicious users to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
Synology Diskstation Manager 3.2-1955
Synology Synology Photo Station 5
1 EDB exploit
409
VMScore
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
409
VMScore
CVE-2021-26563
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) prior to 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
383
VMScore
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows man-in-the-middle malicious users to obtain sensitive information via an HTTP session.
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
383
VMScore
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to eavesdrop authentication information of DNSExit via unspecified vectors.
Synology Diskstation Manager
383
VMScore
CVE-2020-27650
Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Diskstation Manager
Synology Skynas Firmware
383
VMScore
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) prior to 6.2-23739 allows man-in-the-middle malicious users to compromise non-HTTPS sessions via unspecified vectors.
Synology Diskstation Manager
383
VMScore
CVE-2017-9553
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) prior to 6.1.3-15152 allows remote malicious users to bypass the encryption protection mechanism via the crafted version parameter.
Synology Diskstation Manager
383
VMScore
CVE-2015-4655
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) prior to 5.2-5565 Update 1 allows remote malicious users to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
Synology Diskstation Manager
357
VMScore
CVE-2022-22679
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.
Synology Diskstation Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »