Lucene search
K

57 matches found

NVD
NVD
added 2026/05/27 9:16 a.m.17 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

9.8CVSS0.00533EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:36 a.m.20 views

CVE-2025-13392

Summary : CVE-2025-13392 affects Synology DiskStation Manager (DSM) via an improper check in the SSO authentication flow, enabling remote authentication bypass with knowledge of a DN. Affected versions : DSM before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected). Impact : local/remo...

9.8CVSS5.8AI score0.00533EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.8 views

PT-2026-33604

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager DSM allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 2:16 p.m.7 views

CVE-2024-45538

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

9.6CVSS7.6AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14395

Malware in sbrugna...

9.8CVSS9.2AI score0.02007EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/01/22 12:0 a.m.11 views

Synology DSM Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-27653)

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.325426 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

8.3CVSS8.2AI score0.00822EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.19 views

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9515)

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost...

7.8CVSS7.9AI score0.87806EPSS
Exploits0References39
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.30 views

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9516)

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

7.5CVSS7.4AI score0.56262EPSS
Exploits0References38
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.16 views

Synology DSM HTTP/2 Implementations Window Size and Stream Prioritization Manipulation (CVE-2019-9511)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.8CVSS7.9AI score0.58373EPSS
Exploits0References48
OSV
OSV
added 2023/06/13 8:15 a.m.5 views

CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors...

7.5CVSS7.4AI score0.00875EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.4 views

SUSE CVE-2015-2809

The Multicast DNS mDNS responder in Synology DiskStation Manager DSM before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service traffic amplification or obtain potentially sensitive information via...

5CVSS8.8AI score0.03673EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/11/18 12:0 a.m.20 views

Synology DiskStation Manager (DSM) Multiple Samba Vulnerabilities (Synology-SA-22:10)

Synology DiskStation Manager DSM is prone to multiple vulnerabilities in Samba. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS7.5AI score0.01064EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/11/18 12:0 a.m.20 views

Synology DiskStation Manager (DSM) 6.2.x, 7.0.x OpenSSL Vulnerability (Synology-SA-22:04)

Synology DiskStation Manager DSM is prone to a denial of service DoS vulnerability in OpenSSL. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5CVSS8.1AI score0.70561EPSS
Exploits2References1
OSV
OSV
added 2022/10/25 5:15 p.m.4 views

CVE-2022-27622

Server-Side Request Forgery SSRF vulnerability in Package Center functionality in Synology DiskStation Manager DSM before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors...

4.3CVSS5.8AI score0.00666EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/10/25 12:0 a.m.22 views

Synology NAS / DiskStation Manager (DSM) Detection Consolidation

Consolidation of Synology NAS devices, DiskStation Manager DSM OS and application detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4AI score
Exploits0References1
NVD
NVD
added 2022/10/20 6:15 a.m.11 views

CVE-2022-27625

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology...

10CVSS0.01479EPSS
Exploits0References1
Prion
Prion
added 2022/10/20 6:15 a.m.22 views

Race condition

A vulnerability regarding concurrent execution using shared resource with improper synchronization 'Race Condition' is found in the session processing functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...

5.1CVSS8.3AI score0.00984EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/03/25 7:15 a.m.24 views

CVE-2022-22687

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in Authentication functionality in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...

9.8CVSS0.02285EPSS
Exploits0References1
CVE
CVE
added 2022/03/25 6:55 a.m.88 views

CVE-2022-22688

CVE-2022-22688 is a vulnerability in Synology DiskStation Manager (DSM) File service where improper neutralization of special command elements enables a remote authenticated user to execute arbitrary commands. Affected software: DSM versions prior to 6.2.4-25556-2. Root cause: inadequate filterin...

8.8CVSS8.7AI score0.01575EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/02/07 3:15 a.m.5 views

CVE-2021-43927

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Security Management functionality in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors...

9.8CVSS5.9AI score0.00875EPSS
Exploits0References1
Rows per page
Query Builder