cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0854,https://securityvulnerability.io/vulnerability/CVE-2024-0854,,"URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.",Synology,Diskstation Manager (dsm),5.4,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2024-01-24T10:08:55.529Z,0
CVE-2023-2729,https://securityvulnerability.io/vulnerability/CVE-2023-2729,Insufficient Randomness in User Management Functionality of Synology DiskStation Manager,"A security flaw in the User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 enables remote attackers to potentially exploit insufficiently random values. This vulnerability could lead to unauthorized access and compromise user credentials through unspecified attack vectors, posing a significant risk to affected systems.",Synology,"DiskStation Manager (DSM),Unified Controller (DSMUC),Synology Router Manager (SRM)",7.5,HIGH,0.0013500000350177288,false,true,false,false,,false,false,2023-06-13T08:15:00.000Z,0
CVE-2023-0142,https://securityvulnerability.io/vulnerability/CVE-2023-0142,,"Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.",Synology,"Diskstation Manager (dsm),Unified Controller (dsmuc),Synology Router Manager (srm)",6.5,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-06-13T07:15:00.000Z,0
CVE-2022-27623,https://securityvulnerability.io/vulnerability/CVE-2022-27623,,Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.4,HIGH,0.0012199999764561653,false,false,false,false,,false,false,2022-10-25T17:15:00.000Z,0
CVE-2022-27622,https://securityvulnerability.io/vulnerability/CVE-2022-27622,,Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.,Synology,Diskstation Manager (dsm),4.1,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-10-25T17:15:00.000Z,0
CVE-2022-27625,https://securityvulnerability.io/vulnerability/CVE-2022-27625,,"A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",Synology,Diskstation Manager (dsm),10,CRITICAL,0.0010900000343099236,false,false,false,false,,false,false,2022-10-20T00:00:00.000Z,0
CVE-2022-27626,https://securityvulnerability.io/vulnerability/CVE-2022-27626,,"A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",Synology,Diskstation Manager (dsm),10,CRITICAL,0.0008900000248104334,false,false,false,false,,false,false,2022-10-20T00:00:00.000Z,0
CVE-2022-27624,https://securityvulnerability.io/vulnerability/CVE-2022-27624,,"A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",Synology,Diskstation Manager (dsm),10,CRITICAL,0.0010900000343099236,false,false,false,false,,false,false,2022-10-20T00:00:00.000Z,0
CVE-2022-3576,https://securityvulnerability.io/vulnerability/CVE-2022-3576,,"A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",Synology,Diskstation Manager (dsm),5.3,MEDIUM,0.0012000000569969416,false,false,false,false,,false,false,2022-10-20T00:00:00.000Z,0
CVE-2022-27616,https://securityvulnerability.io/vulnerability/CVE-2022-27616,,Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.,Synology,Diskstation Manager (dsm),7.2,HIGH,0.000699999975040555,false,false,false,false,,false,false,2022-08-03T02:15:00.000Z,0
CVE-2022-22684,https://securityvulnerability.io/vulnerability/CVE-2022-22684,,Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.,Synology,Diskstation Manager (dsm),7.2,HIGH,0.000699999975040555,false,false,false,false,,false,false,2022-07-28T07:15:00.000Z,0
CVE-2022-27610,https://securityvulnerability.io/vulnerability/CVE-2022-27610,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),6.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2022-07-25T00:00:00.000Z,0
CVE-2022-22688,https://securityvulnerability.io/vulnerability/CVE-2022-22688,,Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.,Synology,Diskstation Manager (dsm),8.8,HIGH,0.0006600000197067857,false,false,false,false,,false,false,2022-03-25T07:15:00.000Z,0
CVE-2022-22687,https://securityvulnerability.io/vulnerability/CVE-2022-22687,,Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.,Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0017300000181421638,false,false,false,false,,false,false,2022-03-21T00:00:00.000Z,0
CVE-2021-43925,https://securityvulnerability.io/vulnerability/CVE-2021-43925,,Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.,Synology,Diskstation Manager (dsm),4.7,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2022-02-07T03:15:00.000Z,0
CVE-2021-43926,https://securityvulnerability.io/vulnerability/CVE-2021-43926,,Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.,Synology,Diskstation Manager (dsm),4.7,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2022-02-07T03:15:00.000Z,0
CVE-2022-22679,https://securityvulnerability.io/vulnerability/CVE-2022-22679,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),6.5,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2022-02-07T03:15:00.000Z,0
CVE-2021-43929,https://securityvulnerability.io/vulnerability/CVE-2021-43929,,Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Synology,Diskstation Manager (dsm),6.5,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-02-07T03:15:00.000Z,0
CVE-2021-43927,https://securityvulnerability.io/vulnerability/CVE-2021-43927,,Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.,Synology,Diskstation Manager (dsm),4.7,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2022-02-07T03:15:00.000Z,0
CVE-2022-22680,https://securityvulnerability.io/vulnerability/CVE-2022-22680,,Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Diskstation Manager (dsm),5.3,MEDIUM,0.0013200000394135714,false,false,false,false,,false,false,2022-02-07T02:15:00.000Z,0
CVE-2021-29086,https://securityvulnerability.io/vulnerability/CVE-2021-29086,,Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Diskstation Manager (dsm),5.3,MEDIUM,0.0013200000394135714,false,false,false,false,,false,false,2021-06-23T00:00:00.000Z,0
CVE-2021-29084,https://securityvulnerability.io/vulnerability/CVE-2021-29084,,Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.002219999907538295,false,false,false,false,,false,false,2021-06-23T00:00:00.000Z,0
CVE-2021-29087,https://securityvulnerability.io/vulnerability/CVE-2021-29087,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2021-06-23T00:00:00.000Z,0
CVE-2021-27649,https://securityvulnerability.io/vulnerability/CVE-2021-27649,,Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.,Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0014199999859556556,false,false,false,false,,false,false,2021-06-23T00:00:00.000Z,0
CVE-2021-29085,https://securityvulnerability.io/vulnerability/CVE-2021-29085,,Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),8.6,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2021-06-23T00:00:00.000Z,0