Diskstation Manager CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Filtered by product Diskstation Manager Subscriptions

Search

Switch to Advanced Search (Beta)

Total 111 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-29227	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29230	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29231	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29232	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29233	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29234	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29235	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29236	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29237	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29238	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29239	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29240	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	4.3 Medium
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29241	1 Synology	2 Diskstation Manager, Surveillance Station	2025-08-04	9.9 Critical
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and write sensitive configurations in DSM via unspecified vectors.
CVE-2021-3156	9 Beyondtrust, Debian, Fedoraproject and 6 more	38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more	2025-07-30	7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2024-0854	1 Synology	1 Diskstation Manager	2025-05-30	5.4 Medium
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
CVE-2022-27626	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2025-05-08	10 Critical
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-27625	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2025-05-07	10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2022-27623	1 Synology	1 Diskstation Manager	2025-05-07	7.4 High
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
CVE-2022-27622	1 Synology	1 Diskstation Manager	2025-05-07	4.1 Medium
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2022-27624	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2025-05-07	10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

Page 1 of 6. next last »