Filtered by vendor Synology
Subscriptions
Filtered by product Diskstation Manager
Subscriptions
Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10443 | 1 Synology | 5 Beephotos, Beestation Os, Diskstation Manager and 2 more | 2025-04-10 | 9.8 Critical |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-3156 | 9 Beyondtrust, Debian, Fedoraproject and 6 more | 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more | 2025-04-03 | 7.8 High |
| Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | ||||
| CVE-2024-29231 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-03-25 | 5.4 Medium |
| Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | ||||
| CVE-2024-29241 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 9.9 Critical |
| Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | ||||
| CVE-2024-29240 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 4.3 Medium |
| Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2024-29230 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29239 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29234 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29233 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29232 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29227 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2024-29229 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 7.7 High |
| Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-29228 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 7.7 High |
| Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2018-8920 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | ||||
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | ||||
| CVE-2018-8917 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
| CVE-2018-8916 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2025-01-14 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2025-01-14 | 7.5 High |
| The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | ||||
| CVE-2018-7170 | 4 Hpe, Netapp, Ntp and 1 more | 10 Hpux-ntp, Hci, Solidfire and 7 more | 2025-01-14 | 5.3 Medium |
| ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. | ||||