Synology

Diskstation Manager Unified Controller

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-5401

  • EPSS 0.04%
  • Veröffentlicht 04.12.2025 14:20:18
  • Zuletzt bearbeitet 05.12.2025 21:43:56

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows re...

7.5

CVE-2024-45539

  • EPSS 0.11%
  • Veröffentlicht 04.12.2025 14:17:50
  • Zuletzt bearbeitet 05.12.2025 21:44:16

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via...

9.6

CVE-2024-45538

  • EPSS 0.06%
  • Veröffentlicht 04.12.2025 14:16:26
  • Zuletzt bearbeitet 05.12.2025 21:44:21

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary cod...

9.8

CVE-2022-22687

  • EPSS 5.34%
  • Veröffentlicht 25.03.2022 07:15:07
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8

CVE-2021-27649

  • EPSS 1.46%
  • Veröffentlicht 23.06.2021 10:15:08
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5

CVE-2021-29087

  • EPSS 0.3%
  • Veröffentlicht 23.06.2021 10:15:08
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

7.5

CVE-2021-29086

  • EPSS 0.2%
  • Veröffentlicht 23.06.2021 10:15:08
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5

CVE-2021-29085

  • EPSS 0.28%
  • Veröffentlicht 23.06.2021 10:15:08
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary...

7.5

CVE-2021-29084

  • EPSS 0.42%
  • Veröffentlicht 23.06.2021 10:15:08
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to rea...

7.8

CVE-2021-26567

  • EPSS 1.13%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.