Vulnerabilities > Synology > Diskstation Manager > 5.2.5967.9

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2024-0854 Open Redirect vulnerability in Synology Diskstation Manager
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
network
low complexity
synology CWE-601
5.4
2022-10-25 CVE-2022-27622 Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
4.3
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-20 CVE-2022-27624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-10-20 CVE-2022-27625 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-119
critical
9.8
2022-10-20 CVE-2022-27626 Race Condition vulnerability in Synology Diskstation Manager
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management.
network
high complexity
synology CWE-362
8.1
2022-10-20 CVE-2022-3576 Out-of-bounds Read vulnerability in Synology Diskstation Manager
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management.
network
low complexity
synology CWE-125
7.5
2021-06-01 CVE-2021-29088 Path Traversal vulnerability in Synology Diskstation Manager
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-22
4.6
2021-06-01 CVE-2021-33182 Path Traversal vulnerability in Synology Diskstation Manager
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
network
low complexity
synology CWE-22
4.0
2021-04-01 CVE-2021-29083 OS Command Injection vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
network
low complexity
synology CWE-78
critical
9.0