Synology CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (326 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-26563	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26564	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26565	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
CVE-2021-26566	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2021-26567	2 Faad2 Project, Synology	8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more	2025-01-14	7.8 High
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
CVE-2021-26569	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-33182	1 Synology	1 Diskstation Manager	2025-01-14	5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
CVE-2021-27646	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27647	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27649	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2018-7170	4 Hpe, Netapp, Ntp and 1 more	10 Hpux-ntp, Hci, Solidfire and 7 more	2025-01-14	5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2021-43925	1 Synology	1 Diskstation Manager	2025-01-14	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43926	1 Synology	1 Diskstation Manager	2025-01-14	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43927	1 Synology	1 Diskstation Manager	2025-01-14	4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2018-13293	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVE-2018-13291	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13286	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2022-22679	1 Synology	1 Diskstation Manager	2025-01-14	6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.
CVE-2022-22687	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2018-13281	1 Synology	3 Diskstation Manager, Skynas, Vs960hd	2025-01-14	N/A
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

« first previous Page 10 of 17. next last »