Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

19 matches found

CVE•added 2022/02/21 3:15 p.m.•957 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and w...

9CVSS8.9AI score0.28831EPSS

CVE•added 2017/10/04 1:29 a.m.•579 views

CVE-2017-14491

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

9.8CVSS9.1AI score0.52378EPSS

CVE•added 2021/03/12 7:15 a.m.•173 views

CVE-2021-27647

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

9.8CVSS9.7AI score0.02051EPSS

CVE•added 2021/03/12 7:15 a.m.•93 views

CVE-2021-26569

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

9.8CVSS8.8AI score0.0162EPSS

CVE•added 2021/02/26 10:15 p.m.•91 views

CVE-2021-26562

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

9CVSS8.7AI score0.01702EPSS

CVE•added 2021/03/12 7:15 a.m.•91 views

CVE-2021-27646

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

9.8CVSS9.8AI score0.01837EPSS

CVE•added 2021/02/26 10:15 p.m.•87 views

CVE-2021-26566

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

9CVSS9.2AI score0.00437EPSS

CVE•added 2022/03/25 7:15 a.m.•85 views

CVE-2022-22687

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8CVSS9.7AI score0.07586EPSS

CVE•added 2021/02/26 10:15 p.m.•80 views

CVE-2021-26561

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

9CVSS8.8AI score0.02432EPSS

CVE•added 2021/04/01 6:15 a.m.•77 views

CVE-2021-29083

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

9CVSS8.5AI score0.02462EPSS

CVE•added 2021/02/26 10:15 p.m.•67 views

CVE-2021-26560

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

9CVSS7.7AI score0.00151EPSS

CVE•added 2021/06/23 10:15 a.m.•56 views

CVE-2021-27649

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8CVSS9.9AI score0.01303EPSS

CVE•added 2022/10/25 5:15 p.m.•56 views

CVE-2022-27623

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

9.1CVSS9.2AI score0.0064EPSS

CVE•added 2022/02/07 3:15 a.m.•55 views

CVE-2021-43925

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

9.8CVSS9.6AI score0.00594EPSS

CVE•added 2020/10/29 9:15 a.m.•51 views

CVE-2020-27648

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

9CVSS8.4AI score0.00177EPSS

CVE•added 2022/02/07 3:15 a.m.•48 views

CVE-2021-43926

9.8CVSS9.6AI score0.00594EPSS

CVE•added 2019/04/01 3:29 p.m.•47 views

CVE-2018-13284

Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

9CVSS8.7AI score0.00663EPSS

CVE•added 2018/12/24 3:29 p.m.•46 views

CVE-2018-8919

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

9.8CVSS9.1AI score0.00376EPSS

CVE•added 2022/02/07 3:15 a.m.•46 views

CVE-2021-43927

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

9.8CVSS9.6AI score0.00594EPSS