Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Diskstation_manager
(Synology)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-07 | CVE-2021-43925 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | Diskstation_manager | 9.8 | ||
| 2022-02-07 | CVE-2021-43926 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | Diskstation_manager | 9.8 | ||
| 2022-02-07 | CVE-2021-43927 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | Diskstation_manager | 9.8 | ||
| 2022-02-07 | CVE-2021-43929 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Diskstation_manager | 5.4 | ||
| 2022-02-07 | CVE-2022-22679 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | Diskstation_manager | 4.9 | ||
| 2022-03-25 | CVE-2022-22687 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller | 9.8 | ||
| 2022-03-25 | CVE-2022-22688 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | Diskstation_manager | 8.8 | ||
| 2022-07-28 | CVE-2022-22684 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | Diskstation_manager | 8.8 | ||
| 2022-08-03 | CVE-2022-27616 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | Diskstation_manager | 7.2 | ||
| 2022-10-20 | CVE-2022-27624 | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | Diskstation_manager | 9.8 |