Diskstation Manager@6.2 Security Vulnerabilities and Issues — Diskstation Manager@6.2 CVE List

Lucene search

SynologyDiskstation Manager6.2

11 matches found

CVE•added 2022/02/21 3:15 p.m.•969 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and w...

9CVSS8.9AI score0.24962EPSS

CVE•added 2022/02/07 2:15 a.m.•111 views

CVE-2022-22680

Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.2AI score0.00211EPSS

CVE•added 2022/07/27 8:15 a.m.•87 views

CVE-2022-27610

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.

8.1CVSS7.5AI score0.00877EPSS

CVE•added 2022/03/25 7:15 a.m.•86 views

CVE-2022-22687

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8CVSS9.7AI score0.05609EPSS

CVE•added 2022/03/25 7:15 a.m.•74 views

CVE-2022-22688

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

8.8CVSS8.7AI score0.02178EPSS

CVE•added 2022/02/07 3:15 a.m.•60 views

CVE-2022-22679

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.

6.5CVSS4.9AI score0.00271EPSS

CVE•added 2022/02/07 3:15 a.m.•57 views

CVE-2021-43925

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

9.8CVSS9.6AI score0.00415EPSS

CVE•added 2022/08/03 2:15 a.m.•57 views

CVE-2022-27616

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

7.2CVSS7.2AI score0.01623EPSS

CVE•added 2022/02/07 3:15 a.m.•49 views

CVE-2021-43926

9.8CVSS9.6AI score0.00415EPSS

CVE•added 2022/02/07 3:15 a.m.•47 views

CVE-2021-43927

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

9.8CVSS9.6AI score0.00415EPSS

CVE•added 2022/02/07 3:15 a.m.•38 views

CVE-2021-43929

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5CVSS4.5AI score0.00137EPSS