Synology

Diskstation Manager

85 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-27649

  • EPSS 1.46%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5

CVE-2021-29084

  • EPSS 0.31%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to rea...

7.5

CVE-2021-29085

  • EPSS 0.28%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary...

7.5

CVE-2021-29087

  • EPSS 0.23%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

4.3

CVE-2021-33182

  • EPSS 0.12%
  • Published 01.06.2021 14:15:10
  • Last modified 14.01.2025 19:29:55

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vect...

7.8

CVE-2021-29088

  • EPSS 0.09%
  • Published 01.06.2021 14:15:09
  • Last modified 14.01.2025 19:29:55

Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.8

CVE-2021-31439

  • EPSS 1.04%
  • Published 21.05.2021 15:15:07
  • Last modified 14.01.2025 19:29:55

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of D...

9

CVE-2021-29083

  • EPSS 2.04%
  • Published 01.04.2021 06:15:17
  • Last modified 14.01.2025 19:29:55

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

9.8

CVE-2021-27647

  • EPSS 1.67%
  • Published 12.03.2021 07:15:13
  • Last modified 14.01.2025 19:29:55

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

9.8

CVE-2021-27646

  • EPSS 2.2%
  • Published 12.03.2021 07:15:13
  • Last modified 14.01.2025 19:29:55

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.