Filtered by vendor Synology
Subscribe
Total
326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22687 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2021-29085 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 5.0 MEDIUM | 8.6 HIGH |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2022-27620 | 1 Synology | 2 Diskstation Manager, Sso Server | 2025-01-14 | N/A | 6.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2021-26566 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 6.8 MEDIUM | 8.3 HIGH |
| Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | |||||
| CVE-2019-9517 | 12 Apache, Apple, Canonical and 9 more | 25 Http Server, Traffic Server, Mac Os X and 22 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. | |||||
| CVE-2018-13281 | 1 Synology | 3 Diskstation Manager, Skynas, Vs960hd | 2025-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | |||||
| CVE-2018-8916 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.3 MEDIUM |
| Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | |||||
| CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 4.3 MEDIUM | 5.8 MEDIUM |
| Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | |||||
| CVE-2018-13280 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.3 MEDIUM | 7.4 HIGH |
| Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | |||||
| CVE-2023-2729 | 1 Synology | 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager | 2025-01-14 | N/A | 5.9 MEDIUM |
| Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | |||||
| CVE-2023-0142 | 1 Synology | 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager | 2025-01-14 | N/A | 6.5 MEDIUM |
| Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2021-26560 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 5.8 MEDIUM | 9.0 CRITICAL |
| Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | |||||
| CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2025-01-14 | 3.6 LOW | 6.1 MEDIUM |
| A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | |||||
| CVE-2017-12075 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 MEDIUM | 7.2 HIGH |
| Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | |||||
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 5.0 MEDIUM | 8.3 HIGH |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | |||||
| CVE-2019-9513 | 12 Apache, Apple, Canonical and 9 more | 22 Traffic Server, Mac Os X, Swiftnio and 19 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | |||||
| CVE-2018-7184 | 5 Canonical, Netapp, Ntp and 2 more | 10 Ubuntu Linux, Cloud Backup, Steelstore Cloud Integrated Storage and 7 more | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. | |||||
| CVE-2021-26565 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 4.3 MEDIUM | 8.3 HIGH |
| Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | |||||