Search Results (351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27652 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2025-01-14 8.3 High
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2023-0142 1 Synology 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager 2025-01-14 6.5 Medium
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2025-01-14 5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2022-27616 1 Synology 1 Diskstation Manager 2025-01-14 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2020-27656 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVE-2018-13291 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2022-27618 1 Synology 2 Diskstation Manager, Storage Analyzer 2025-01-14 6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2018-8916 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVE-2022-27617 1 Synology 2 Calendar, Diskstation Manager 2025-01-14 5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
CVE-2021-27649 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 9.8 Critical
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-43927 1 Synology 1 Diskstation Manager 2025-01-14 4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43926 1 Synology 1 Diskstation Manager 2025-01-14 4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2022-22688 1 Synology 1 Diskstation Manager 2025-01-14 8.8 High
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2019-19344 4 Canonical, Opensuse, Samba and 1 more 7 Ubuntu Linux, Leap, Samba and 4 more 2025-01-14 6.5 Medium
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
CVE-2021-27646 1 Synology 1 Diskstation Manager 2025-01-14 9.8 Critical
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27647 1 Synology 1 Diskstation Manager 2025-01-14 9.8 Critical
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2022-22683 1 Synology 3 Diskstation Manager, Media Server, Router Manager 2025-01-14 10 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22684 1 Synology 1 Diskstation Manager 2025-01-14 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-27614 1 Synology 3 Diskstation Manager, Media Server, Router Manager 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2020-27650 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2025-01-14 5.8 Medium
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.