Filtered by vendor Synology
Subscribe
Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 6.8 MEDIUM | 8.3 HIGH |
| Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-13280 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.3 MEDIUM | 7.4 HIGH |
| Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | |||||
| CVE-2022-3576 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-01-14 | N/A | 5.3 MEDIUM |
| A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | |||||
| CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | |||||
| CVE-2022-27614 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | N/A | 5.3 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-29083 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 9.0 HIGH | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | |||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2025-01-14 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 4.3 MEDIUM | 5.8 MEDIUM |
| Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-13291 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2024-29236 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 5.0 MEDIUM | 8.3 HIGH |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | |||||
| CVE-2021-26569 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.8 MEDIUM | 9.8 CRITICAL |
| Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | |||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | |||||
| CVE-2022-27620 | 1 Synology | 2 Diskstation Manager, Sso Server | 2025-01-14 | N/A | 6.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2023-0142 | 1 Synology | 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager | 2025-01-14 | N/A | 6.5 MEDIUM |
| Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2025-01-14 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2022-27618 | 1 Synology | 2 Diskstation Manager, Storage Analyzer | 2025-01-14 | N/A | 6.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | |||||