CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Filtered by product Diskstation Manager Subscriptions

Total 110 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-3156	9 Beyondtrust, Debian, Fedoraproject and 6 more	38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more	2025-04-03	7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2024-29231	1 Synology	2 Diskstation Manager, Surveillance Station	2025-03-25	5.4 Medium
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
CVE-2024-10443	1 Synology	5 Beephotos, Beestation Os, Diskstation Manager and 2 more	2025-03-21	9.8 Critical
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-29241	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-15	9.9 Critical
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
CVE-2024-29240	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-15	4.3 Medium
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2024-29230	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-15	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29239	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29234	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29233	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29232	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29227	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29229	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	7.7 High
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2024-29228	1 Synology	2 Diskstation Manager, Surveillance Station	2025-01-14	7.7 High
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2021-29087	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-01-14	7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-26569	1 Synology	1 Diskstation Manager	2025-01-14	9.8 Critical
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2022-27623	1 Synology	1 Diskstation Manager	2025-01-14	7.4 High
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
CVE-2021-26564	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26563	1 Synology	7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more	2025-01-14	8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2018-13286	1 Synology	1 Diskstation Manager	2025-01-14	N/A
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2022-3576	1 Synology	4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more	2025-01-14	5.3 Medium
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

Page 1 of 6. next last »