Synology

Dsm

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-5401

  • EPSS 0.04%
  • Veröffentlicht 04.12.2025 14:20:18
  • Zuletzt bearbeitet 05.12.2025 21:43:56

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows re...

7.5

CVE-2024-45539

  • EPSS 0.11%
  • Veröffentlicht 04.12.2025 14:17:50
  • Zuletzt bearbeitet 05.12.2025 21:44:16

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via...

9.6

CVE-2024-45538

  • EPSS 0.06%
  • Veröffentlicht 04.12.2025 14:16:26
  • Zuletzt bearbeitet 05.12.2025 21:44:21

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary cod...

7.5

CVE-2025-1021

  • EPSS 0.06%
  • Veröffentlicht 23.04.2025 02:49:45
  • Zuletzt bearbeitet 17.11.2025 14:10:43

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

5.3

CVE-2024-50629

  • EPSS 0.08%
  • Veröffentlicht 19.03.2025 05:49:56
  • Zuletzt bearbeitet 17.11.2025 13:38:39

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote atta...

5.3

CVE-2024-10445

  • EPSS 0.06%
  • Veröffentlicht 19.03.2025 02:10:57
  • Zuletzt bearbeitet 17.11.2025 13:42:21

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow ...

9.8

CVE-2024-10441

  • EPSS 0.54%
  • Veröffentlicht 19.03.2025 02:09:56
  • Zuletzt bearbeitet 17.11.2025 13:43:41

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to e...

7.5

CVE-2024-10444

  • EPSS 0.04%
  • Veröffentlicht 19.03.2025 02:07:02
  • Zuletzt bearbeitet 17.11.2025 13:43:14

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unsp...

2.1

CVE-2010-3684

  • EPSS 0.12%
  • Veröffentlicht 29.09.2010 17:00:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than...

4.3

CVE-2010-2453

  • EPSS 0.32%
  • Veröffentlicht 29.09.2010 17:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, wh...