Lucene search
K

565 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

9.8CVSS6.6AI score0.00533EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:36 a.m.7 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

8.1CVSS6.6AI score0.00533EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/27 8:36 a.m.9 views

EUVD-2025-209956

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

8.1CVSS6.6AI score0.00533EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/16 12:0 a.m.8 views

(Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the afpgetappl function. The issue results from the lack of proper validati...

9.8CVSS6.2AI score0.00586EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

Synology DiskStation Manager Out-of-bounds Write (CVE-2024-45539)

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This plugin only works with...

7.5CVSS5.4AI score0.0042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

Synology DiskStation Manager Improper Certificate Validation (CVE-2024-10445)

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via...

5.3CVSS5.3AI score0.00352EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.6 views

Synology DiskStation Manager Improper Control of Dynamically-Managed Code Resources (CVE-2024-5401)

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

8.8CVSS5.5AI score0.00333EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.10 views

CVE-2021-31439

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results fr...

8.8CVSS7AI score0.02331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.11 views

CVE-2025-1021

Missing authorization vulnerability in synocopy in Synology DiskStation Manager DSM before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors...

7.5CVSS7.1AI score0.00466EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.4 views

Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.5CVSS5.4AI score0.24866EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/12/18 12:0 a.m.3 views

Synology DiskStation Manager (DSM) File Disclosure Vulnerability (Synology-SA-24:20) - Active Check

Synology DiskStation Manager DSM is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.8AI score0.26952EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/12/10 12:0 a.m.5 views

Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Unreliable Remote Version Check

Synology DiskStation Manager DSM is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS7.1AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 2:27 p.m.5 views

CVE-2024-45538

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

9.6CVSS8AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 2:27 p.m.5 views

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

7.5CVSS7AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 3:15 p.m.7 views

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

7.5CVSS0.0042EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 3:15 p.m.4 views

CVE-2024-45538

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

9.6CVSS6.1AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 3:15 p.m.5 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

8.8CVSS5.9AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 3:15 p.m.9 views

CVE-2024-45538

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

9.6CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 3:15 p.m.8 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

8.8CVSS0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 2:20 p.m.3 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

4.3CVSS6.6AI score0.00333EPSS
Exploits0References1
Rows per page
Query Builder