Latest synology diskstation manager Vulnerabilities

CVE-2024-0854
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phish...
Synology DiskStation Manager<7.2.1-69057-2
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecif...
Synology DiskStation Manager>=6.2<7.2-64561
Synology Diskstation Manager Unified Controller=3.1
Synology Router Manager>=1.2<1.3.1-9346
Synology Router Manager=1.3.1-9346
Synology Router Manager=1.3.1-9346-update_1
Synology Router Manager=1.3.1-9346-update_2
and 3 more
CVE-2023-0142
Synology DiskStation Manager>=6.2<7.1-42661
Synology Diskstation Manager Unified Controller=3.1
Synology Router Manager>=1.2<1.3.1-9346
Synology Router Manager=1.3.1-9346
Synology Router Manager=1.3.1-9346-update_1
Synology Router Manager=1.3.1-9346-update_2
and 3 more
CVE-2022-27623
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary f...
Synology DiskStation Manager<7.1-42661
CVE-2022-27622
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources v...
Synology DiskStation Manager<7.1-42661
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecif...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. ...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote a...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote at...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27621
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or wri...
Synology USB Copy<2.2.0-1086
Synology DiskStation Manager=6.2
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
CVE-2022-27618
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to del...
Synology Storage Analyzer<2.1.0-0390
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
Synology Storage Analyzer<2.0.1-0214
Synology DiskStation Manager=6.2
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download ar...
Synology Calendar<2.3.4-0631
Synology DiskStation Manager=6.2
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbi...
Synology SSO Server<2.2.3-0331
Synology DiskStation Manager=6.2
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
CVE-2022-27616
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote au...
Synology DiskStation Manager>=6.2<6.2.4-25556-5
Synology DiskStation Manager>=7.0<7.0.1-42218-3
CVE-2022-27614
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecifie...
Synology Media Server<1.8.1-2876
Synology DiskStation Manager=6.2
Synology Media Server<1.4-2665
Synology Router Manager=1.2
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via u...
Synology Media Server<1.8.1-2876
Synology DiskStation Manager=6.2
Synology Media Server<1.4-2665
Synology Router Manager=1.2
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows re...
Synology DiskStation Manager<6.2.4-25553
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated us...
Synology DiskStation Manager>=6.2<6.2.3-25423
CVE-2022-22687
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers ...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote...
Synology DiskStation Manager>=6.2<6.2.4-25556-2
Synology DiskStation Manager>=7.0<7.0.1-42214
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
CVE-2022-22679
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote auth...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43926
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows rem...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allo...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43925
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2022-22680
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-29087
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to w...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-27649
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-29084
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-29086
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive info...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-33182
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticate...
Synology DiskStation Manager<6.2.4-25553
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code vi...
Synology DiskStation Manager<6.2.4-25553
CVE-2021-31439
Synology DiskStation Manager Netatalk dsi_doff Heap-based Buffer Overflow Remote Code Execution Vulnerability
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netatalk Netatalk<3.1.13
debian/netatalk<=3.1.12~ds-3
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arb...
Synology DiskStation Manager<6.2.3-25426-3
CVE-2021-27647
(Pwn2Own) Synology DiskStation Manager StartEngCommPipeServer HandleSendMsg Out-Of-Bounds Read Information Disclosure Vulnerability
Synology DiskStation Manager
Synology DiskStation Manager<6.2.3-25426-3
CVE-2021-27646
(Pwn2Own) Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability
Synology DiskStation Manager
Synology DiskStation Manager<6.2.3-25426-3
CVE-2021-26569
(Pwn2Own) Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability
Synology DiskStation Manager
Synology DiskStation Manager<6.2.3-25426-3
CVE-2021-26563
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology DiskStation Manager<6.2.4-25553
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26562
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTT...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP s...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26566
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary command...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive informatio...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 2 more
CVE-2021-26561
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via a...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
CVE-2021-3156
Sudo Heap-Based Buffer Overflow Vulnerability
debian/sudo
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
IBM Security Guardium<=11.2
and 55 more
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication informat...
Synology DiskStation Manager>=6.2<6.2.3-25426-2
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecifie...
Synology DiskStation Manager=6.2.3_25426
Synology Router Manager>=1.2<1.2.4-8081
CVE-2020-27652
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via un...
Synology DiskStation Manager>=6.2<6.2.3-25426-2
Synology Skynas Firmware<6.2.3-25426
Synology Skynas

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203