Vulnerabilities > Synology > Diskstation Manager

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2024-01-24 | CVE-2024-0854 | Open Redirect vulnerability in Synology Diskstation Manager | URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | network, low complexity, synology, CWE-601, 5.4 |
| 2023-06-13 | CVE-2023-2729 | Unspecified vulnerability in Synology products | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | network, low complexity, synology, 7.5 |
| 2023-06-13 | CVE-2023-0142 | Unspecified vulnerability in Synology products | Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | network, low complexity, synology, 8.1 |
| 2022-10-25 | CVE-2022-27622 | Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | network, low complexity, synology, CWE-918, 4.3 |
| 2022-10-25 | CVE-2022-27623 | Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | network, low complexity, synology, CWE-306, critical, 9.1 |
| 2022-10-20 | CVE-2022-27624 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. | network, low complexity, synology, CWE-119, critical, 9.8 |
| 2022-10-20 | CVE-2022-27625 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. | network, low complexity, synology, CWE-119, critical, 9.8 |
| 2022-10-20 | CVE-2022-27626 | Race Condition vulnerability in Synology Diskstation Manager | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. | network, high complexity, synology, CWE-362, 8.1 |
| 2022-10-20 | CVE-2022-3576 | Out-of-bounds Read vulnerability in Synology Diskstation Manager | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. | network, low complexity, synology, CWE-125, 7.5 |
| 2022-03-25 | CVE-2022-22687 | Classic Buffer Overflow vulnerability in Synology products | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | network, low complexity, synology, CWE-120, 7.5 |