Diskstation Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-24	CVE-2024-0854	Open Redirect vulnerability in Synology Diskstation Manager URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. network low complexity synology CWE-601	5.4
2023-06-13	CVE-2023-2729	Unspecified vulnerability in Synology products Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. network low complexity synology	7.5
2023-06-13	CVE-2023-0142	Unspecified vulnerability in Synology products Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. network low complexity synology	8.1
2022-10-25	CVE-2022-27622	Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. network low complexity synology CWE-918	4.3
2022-10-25	CVE-2022-27623	Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. network low complexity synology CWE-306 critical	9.1
2022-10-20	CVE-2022-27624	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-119 critical	9.8
2022-10-20	CVE-2022-27625	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-119 critical	9.8
2022-10-20	CVE-2022-27626	Race Condition vulnerability in Synology Diskstation Manager A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. network high complexity synology CWE-362	8.1
2022-10-20	CVE-2022-3576	Out-of-bounds Read vulnerability in Synology Diskstation Manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. network low complexity synology CWE-125	7.5
2022-03-25	CVE-2022-22687	Classic Buffer Overflow vulnerability in Synology products Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. network low complexity synology CWE-120	7.5