Export limit exceeded: 362450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27656 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVE-2021-27649 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 9.8 Critical
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29087 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2022-22683 1 Synology 3 Diskstation Manager, Media Server, Router Manager 2025-01-14 10 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22687 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-22688 1 Synology 1 Diskstation Manager 2025-01-14 8.8 High
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2021-33182 1 Synology 1 Diskstation Manager 2025-01-14 5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
CVE-2017-16774 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
CVE-2019-9514 13 Apache, Apple, Canonical and 10 more 44 Traffic Server, Mac Os X, Swiftnio and 41 more 2025-01-14 7.5 High
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9515 12 Apache, Apple, Canonical and 9 more 36 Traffic Server, Mac Os X, Swiftnio and 33 more 2025-01-14 7.5 High
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2021-29086 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2018-13281 1 Synology 3 Diskstation Manager, Skynas, Vs960hd 2025-01-14 N/A
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
CVE-2022-27614 1 Synology 3 Diskstation Manager, Media Server, Router Manager 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2022-27616 1 Synology 1 Diskstation Manager 2025-01-14 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-27617 1 Synology 2 Calendar, Diskstation Manager 2025-01-14 5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
CVE-2022-27618 1 Synology 2 Diskstation Manager, Storage Analyzer 2025-01-14 6.8 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2018-13284 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2022-27621 1 Synology 2 Diskstation Manager, Usb Copy 2025-01-14 5.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
CVE-2018-13291 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.