Diskstation Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-24	CVE-2024-0854	Open Redirect vulnerability in Synology Diskstation Manager URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. network low complexity synology CWE-601	5.4
2023-06-13	CVE-2023-2729	Unspecified vulnerability in Synology products Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. network low complexity synology	7.5
2023-06-13	CVE-2023-0142	Uncontrolled Search Path Element vulnerability in Synology products Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. network low complexity synology CWE-427	8.1
2022-10-25	CVE-2022-27622	Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. network low complexity synology CWE-918	4.3
2022-10-25	CVE-2022-27623	Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. network low complexity synology CWE-306 critical	9.1
2022-10-20	CVE-2022-27624	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-119 critical	9.8
2022-10-20	CVE-2022-27625	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-119 critical	9.8
2022-10-20	CVE-2022-27626	Race Condition vulnerability in Synology Diskstation Manager A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. network high complexity synology CWE-362	8.1
2022-10-20	CVE-2022-3576	Out-of-bounds Read vulnerability in Synology Diskstation Manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-125	7.5
2022-08-03	CVE-2022-27616	OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. network low complexity synology CWE-78	7.2