Product:

Diskstation_manager

(Synology)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 88
Date Id Summary Products Score Patch Annotated
2021-02-26 CVE-2021-26567 Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Faad2, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 7.8
2022-02-07 CVE-2021-43929 Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Diskstation_manager 5.4
2020-10-29 CVE-2020-27652 Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Diskstation_manager, Skynas_firmware 8.3
2020-10-29 CVE-2020-27653 Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Diskstation_manager, Router_manager 8.3
2022-10-25 CVE-2022-27622 Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. Diskstation_manager 4.3
2022-10-25 CVE-2022-27623 Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. Diskstation_manager 9.1
2021-02-26 CVE-2021-26566 Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 9.0
2022-10-20 CVE-2022-27625 A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Diskstation_manager 9.8
2022-10-20 CVE-2022-27626 A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Diskstation_manager 8.1
2022-10-20 CVE-2022-3576 A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Diskstation_manager 7.5