cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-0854,https://securityvulnerability.io/vulnerability/CVE-2024-0854,Open Redirect Vulnerability in Synology DiskStation Manager,"An Open Redirect vulnerability exists in Synology DiskStation Manager (DSM), impacting specific versions, allowing remote authenticated users to redirect requests to untrusted sites. This flaw can be exploited for phishing attacks, posing significant risks to users' data security. Administrators are urged to apply the necessary updates and patches to mitigate potential exploitation.",Synology,Diskstation Manager (dsm),5.4,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2024-01-24T10:08:55.529Z,0
CVE-2023-2729,https://securityvulnerability.io/vulnerability/CVE-2023-2729,Insufficient Randomness in User Management Functionality of Synology DiskStation Manager,"A security flaw in the User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 enables remote attackers to potentially exploit insufficiently random values. This vulnerability could lead to unauthorized access and compromise user credentials through unspecified attack vectors, posing a significant risk to affected systems.",Synology,"DiskStation Manager (DSM),Unified Controller (DSMUC),Synology Router Manager (SRM)",7.5,HIGH,0.0013500000350177288,false,,true,false,false,,,false,false,,2023-06-13T08:15:00.000Z,0
CVE-2023-0142,https://securityvulnerability.io/vulnerability/CVE-2023-0142,Uncontrolled Search Path Vulnerability in Synology DiskStation Manager,The vulnerability in the Backup Management functionality of Synology DiskStation Manager enables remote authenticated users with administrator privileges to manipulate file access. This can result in unauthorized reading or writing of arbitrary files due to unspecified vectors. Users should take immediate action to update affected versions to mitigate potential risks associated with this flaw.,Synology,"Diskstation Manager (dsm),Unified Controller (dsmuc),Synology Router Manager (srm)",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-06-13T07:15:00.000Z,0
CVE-2022-27622,https://securityvulnerability.io/vulnerability/CVE-2022-27622,Server-Side Request Forgery Vulnerability in Synology DiskStation Manager,"A Server-Side Request Forgery (SSRF) vulnerability exists in the Package Center functionality of Synology DiskStation Manager (DSM), allowing remote authenticated users to exploit this weakness. This exploitation can lead to unauthorized access to sensitive intranet resources through unspecified vectors, potentially exposing private data and internal network services.",Synology,Diskstation Manager (dsm),4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-27623,https://securityvulnerability.io/vulnerability/CVE-2022-27623,Missing Authentication Vulnerability in Synology DiskStation Manager iSCSI Management,"A vulnerability in the iSCSI management functionality of Synology DiskStation Manager (DSM) versions prior to 7.1-42661 allows remote attackers to exploit missing authentication measures. This security oversight potentially grants unauthorized users the ability to read or write arbitrary files, leading to significant risks for data integrity and privacy. Users must ensure they are using the latest version of DSM to mitigate these vulnerabilities effectively.",Synology,Diskstation Manager (dsm),9.1,CRITICAL,0.0012199999764561653,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-27625,https://securityvulnerability.io/vulnerability/CVE-2022-27625,Memory Buffer Mismanagement in Synology DiskStation Manager,"A vulnerability exists in the message processing functionality of Out-of-Band (OOB) Management within Synology DiskStation Manager. This flaw permits remote attackers to execute arbitrary commands due to improper restrictions of operations within the bounds of a memory buffer. The affected models include DS3622xs+, FS3410, and HD6500 running on DSM versions prior to 7.1.1-42962-2.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-10-20T00:00:00.000Z,0
CVE-2022-27626,https://securityvulnerability.io/vulnerability/CVE-2022-27626,Race Condition Vulnerability in Synology DiskStation Manager (DSM),"A race condition vulnerability exists within the session processing of Synology DiskStation Manager, allowing remote attackers to exploit improper synchronization with shared resources. This flaw can enable unauthorized execution of arbitrary commands by exploiting specific vectors. Models affected include DS3622xs+, FS3410, and HD6500 running DSM versions prior to 7.1.1-42962-2. Proper mitigation strategies and immediate updates are recommended to ensure system integrity.",Synology,Diskstation Manager (dsm),8.1,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-10-20T00:00:00.000Z,0
CVE-2022-27624,https://securityvulnerability.io/vulnerability/CVE-2022-27624,Improper Memory Buffer Management in Synology DiskStation Manager,"A vulnerability exists in the packet decryption functionality of Out-of-Band (OOB) Management within Synology's DiskStation Manager. This issue arises from an improper restriction of operations within the limits of a memory buffer, potentially allowing remote attackers to execute arbitrary commands through unspecified methods. Models utilizing DSM versions prior to 7.1.1-42962-2 may be impacted, including DS3622xs+, FS3410, and HD6500. It is essential for users to update their systems promptly to mitigate potential exploitation.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-10-20T00:00:00.000Z,0
CVE-2022-3576,https://securityvulnerability.io/vulnerability/CVE-2022-3576,Out-of-Bounds Read Vulnerability in Synology DiskStation Manager,"A vulnerability exists in the session processing functionality of Out-of-Band (OOB) Management in Synology DiskStation Manager. This flaw allows remote attackers to exploit the system by accessing sensitive information through unspecified vectors. Models such as DS3622xs+, FS3410, and HD6500 running DSM versions prior to 7.1.1-42962-2 may be at risk, emphasizing the importance of timely updates to mitigate potential exploitation.",Synology,Diskstation Manager (dsm),7.5,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2022-10-20T00:00:00.000Z,0
CVE-2022-27616,https://securityvulnerability.io/vulnerability/CVE-2022-27616,OS Command Injection Vulnerability in Synology DiskStation Manager,"An OS Command Injection vulnerability exists in the webapi component of Synology DiskStation Manager, allowing remote authenticated users to execute arbitrary commands. This flaw can be exploited through various unspecified vectors, posing a serious risk to the integrity and security of the affected system. Users are advised to update their DiskStation Manager to the latest version to mitigate this vulnerability.",Synology,Diskstation Manager (dsm),7.2,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2022-08-03T02:15:00.000Z,0
CVE-2022-22684,https://securityvulnerability.io/vulnerability/CVE-2022-22684,OS Command Injection Vulnerability in Synology DiskStation Manager,"An OS Command Injection vulnerability exists within the task management component of Synology DiskStation Manager, allowing remote authenticated users to execute arbitrary commands. This vulnerability is present in versions prior to 6.2.4-25553 and poses a risk as it can be exploited through unspecified vectors, potentially leading to unauthorized access or manipulation of system commands.",Synology,Diskstation Manager (dsm),8.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2022-07-28T07:15:00.000Z,0
CVE-2022-27610,https://securityvulnerability.io/vulnerability/CVE-2022-27610,Path Traversal Vulnerability in Synology DiskStation Manager,"A Path Traversal vulnerability in the webapi component of Synology DiskStation Manager (DSM) prior to version 6.2.3-25423 allows authenticated remote users to manipulate file paths. This exploitation can lead to unauthorized deletion of files on the system through unspecified vectors, posing significant risks to data integrity and availability.",Synology,Diskstation Manager (dsm),6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-07-25T00:00:00.000Z,0
CVE-2022-22688,https://securityvulnerability.io/vulnerability/CVE-2022-22688,Command Injection Vulnerability in Synology DiskStation Manager,"A command injection vulnerability exists in the File service functionality of Synology DiskStation Manager. This issue affects versions preceding 6.2.4-25556-2, allowing remote authenticated users to execute arbitrary commands on the system through unspecified vectors, which may lead to unauthorized access and manipulation of system settings.",Synology,Diskstation Manager (dsm),8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-03-25T07:15:00.000Z,0
CVE-2022-22687,https://securityvulnerability.io/vulnerability/CVE-2022-22687,Buffer Overflow Vulnerability in Synology DiskStation Manager Authentication,"A vulnerability exists in the authentication functionality of Synology DiskStation Manager that could allow remote attackers to exploit a classic buffer overflow. This could enable the execution of arbitrary code through unspecified vectors, posing a significant threat to system security. Users are urged to update to the latest version to mitigate potential risks.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0017300000181421638,false,,false,false,false,,,false,false,,2022-03-25T07:15:00.000Z,0
CVE-2021-43925,https://securityvulnerability.io/vulnerability/CVE-2021-43925,SQL Injection Vulnerability in Synology DiskStation Manager,"An SQL Injection vulnerability exists in the Log Management feature of Synology DiskStation Manager, allowing remote attackers to send malicious SQL commands through unspecified vectors. This flaw enables attackers to manipulate database queries, potentially leading to unauthorized data access or data manipulation.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-02-07T03:15:00.000Z,0
CVE-2022-22679,https://securityvulnerability.io/vulnerability/CVE-2022-22679,Path Traversal Vulnerability in Synology DiskStation Manager by Synology,"A vulnerability in Synology's DiskStation Manager (DSM) prior to version 7.0.1-42218-2 allows remote authenticated users to bypass restrictions on directory paths. This security flaw enables the potential for unauthorized file writing, ultimately compromising the integrity and security of affected systems. Users are encouraged to update their DSM installations to mitigate this risk.",Synology,Diskstation Manager (dsm),4.9,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-02-07T03:15:00.000Z,0
CVE-2021-43926,https://securityvulnerability.io/vulnerability/CVE-2021-43926,SQL Injection Vulnerability in Synology DiskStation Manager,"The vulnerability identified in Synology DiskStation Manager allows remote attackers to exploit improper neutralization of special elements in SQL commands, enabling SQL injection through various unspecified vectors. This flaw impacts the Log Management feature, posing significant risks to data integrity and system security. Organizations using affected versions are encouraged to apply security updates promptly to mitigate the risk of potential exploitation.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-02-07T03:15:00.000Z,0
CVE-2021-43929,https://securityvulnerability.io/vulnerability/CVE-2021-43929,Injection Vulnerability in Synology DiskStation Manager by Synology,"An improper neutralization of special elements in output vulnerability exists in Synology DiskStation Manager, allowing remote authenticated users to inject arbitrary web scripts or HTML. This issue may lead to unauthorized access or manipulation of web-based applications, highlighting the critical importance of ensuring proper input validation and sanitization mechanisms.",Synology,Diskstation Manager (dsm),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-07T03:15:00.000Z,0
CVE-2021-43927,https://securityvulnerability.io/vulnerability/CVE-2021-43927,SQL Injection Vulnerability in Synology DiskStation Manager,"An SQL Injection vulnerability exists in the Security Management functionality of Synology DiskStation Manager prior to version 7.0.1-42218-2. This flaw allows attackers to exploit improper neutralization of special elements used in SQL commands, enabling them to execute unauthorized SQL commands remotely through unspecified vectors. This poses significant risks to the integrity and confidentiality of the database and could potentially lead to unauthorized access to sensitive information.",Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-02-07T03:15:00.000Z,0
CVE-2022-22680,https://securityvulnerability.io/vulnerability/CVE-2022-22680,Sensitive Information Exposure in Synology DiskStation Manager,"The vulnerability in Synology DiskStation Manager exposes sensitive information to unauthorized actors, potentially allowing remote attackers to access confidential data through unspecified vectors. This security flaw impacts versions prior to 7.0.1-42218-2, underscoring the necessity for prompt updates and vigilant security measures.",Synology,Diskstation Manager (dsm),7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-02-07T02:15:00.000Z,0
CVE-2021-29084,https://securityvulnerability.io/vulnerability/CVE-2021-29084,,Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.002219999907538295,false,,false,false,false,,,false,false,,2021-06-23T00:00:00.000Z,0
CVE-2021-27649,https://securityvulnerability.io/vulnerability/CVE-2021-27649,,Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.,Synology,Diskstation Manager (dsm),9.8,CRITICAL,0.0014199999859556556,false,,false,false,false,,,false,false,,2021-06-23T00:00:00.000Z,0
CVE-2021-29085,https://securityvulnerability.io/vulnerability/CVE-2021-29085,,Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-06-23T00:00:00.000Z,0
CVE-2021-29086,https://securityvulnerability.io/vulnerability/CVE-2021-29086,,Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-06-23T00:00:00.000Z,0
CVE-2021-29087,https://securityvulnerability.io/vulnerability/CVE-2021-29087,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.,Synology,Diskstation Manager (dsm),7.5,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2021-06-23T00:00:00.000Z,0