Synology CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Search

Switch to Advanced Search (Beta)

Total 324 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-29087	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2017-12075	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2018-13286	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13291	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2021-29084	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	7.5 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2018-7170	4 Hpe, Netapp, Ntp and 1 more	10 Hpux-ntp, Hci, Solidfire and 7 more	2025-01-14	5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2018-13284	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2018-13281	1 Synology	3 Diskstation Manager, Skynas, Vs960hd	2025-01-14	N/A
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
CVE-2018-8916	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVE-2018-8917	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2021-43926	1 Synology	1 Diskstation Manager	2025-01-14	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43927	1 Synology	1 Diskstation Manager	2025-01-14	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2020-27648	1 Synology	3 Diskstation Manager, Skynas, Skynas Firmware	2025-01-14	8.3 High
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2020-27656	1 Synology	1 Diskstation Manager	2025-01-14	6.5 Medium
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVE-2021-26560	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	9 Critical
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26567	2 Faad2 Project, Synology	8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more	2025-01-14	7.8 High
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
CVE-2021-26569	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27647	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27649	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22679	1 Synology	1 Diskstation Manager	2025-01-14	6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.

« first previous Page 10 of 17. next last »