Vulnerabilities > Synology > Diskstation Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-24 | CVE-2024-0854 | Unspecified vulnerability in Synology Diskstation Manager URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | 5.4 |
| 2023-06-13 | CVE-2023-2729 | Unspecified vulnerability in Synology products Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | 7.5 |
| 2023-06-13 | CVE-2023-0142 | Unspecified vulnerability in Synology products Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. | 8.1 |
| 2022-10-25 | CVE-2022-27622 | Unspecified vulnerability in Synology Diskstation Manager Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | 4.3 |
| 2022-10-25 | CVE-2022-27623 | Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | 9.1 |
| 2022-10-20 | CVE-2022-27624 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. | 9.8 |
| 2022-10-20 | CVE-2022-27625 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. | 9.8 |
| 2022-10-20 | CVE-2022-27626 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. | 8.1 |
| 2022-10-20 | CVE-2022-3576 | Unspecified vulnerability in Synology Diskstation Manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | 7.5 |
| 2022-08-03 | CVE-2022-27616 | Unspecified vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 7.2 |