Synology

Diskstation Manager Unified Controller

14 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-22687

  • EPSS 5.61%
  • Published 25.03.2022 07:15:07
  • Last modified 14.01.2025 19:29:55

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8

CVE-2021-27649

  • EPSS 1.46%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5

CVE-2021-29084

  • EPSS 0.31%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to rea...

7.5

CVE-2021-29085

  • EPSS 0.28%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary...

7.5

CVE-2021-29086

  • EPSS 0.2%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5

CVE-2021-29087

  • EPSS 0.23%
  • Published 23.06.2021 10:15:08
  • Last modified 14.01.2025 19:29:55

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

8.1

CVE-2021-26562

Exploit
  • EPSS 1.39%
  • Published 26.02.2021 22:15:20
  • Last modified 14.01.2025 19:29:55

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

6.7

CVE-2021-26563

Exploit
  • EPSS 0.12%
  • Published 26.02.2021 22:15:20
  • Last modified 14.01.2025 19:29:55

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.7

CVE-2021-26564

Exploit
  • EPSS 0.16%
  • Published 26.02.2021 22:15:20
  • Last modified 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

5.9

CVE-2021-26565

Exploit
  • EPSS 0.18%
  • Published 26.02.2021 22:15:20
  • Last modified 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.