📦 DiskStation Manager
by Synology
⚠️ Known Vulnerabilities
A Cross-Site Request Forgery (CSRF) vulnerability in Synology's WebAPI Framework allows remote attackers to trick authenticated users into executing arbitrary code on Synology DiskStation Manager (DSM...
This critical vulnerability allows remote attackers to execute arbitrary code on Synology BeeStation and DiskStation systems due to improper output encoding in the system plugin daemon. Attackers can ...
This is a critical buffer overflow vulnerability in Synology DiskStation Manager's authentication functionality that allows remote attackers to execute arbitrary code without authentication. It affect...
This is a critical use-after-free vulnerability in Synology DiskStation Manager's file transfer protocol component that allows remote attackers to execute arbitrary code on affected systems. Attackers...
This vulnerability allows remote attackers to execute arbitrary code on Synology DiskStation Manager (DSM) systems by sending specially crafted web requests. It affects DSM versions before 6.2.3-25426...
A race condition vulnerability in Synology DiskStation Manager's iSCSI snapshot component allows remote attackers to execute arbitrary code via crafted web requests. This affects Synology NAS devices ...
This vulnerability allows man-in-the-middle attackers to execute arbitrary code on Synology DiskStation Manager (DSM) systems by exploiting an out-of-bounds write in the synoagentregisterd service via...
CVE-2021-26560 allows man-in-the-middle attackers to intercept and spoof servers during HTTP sessions with synoagentregisterd in Synology DSM. This cleartext transmission vulnerability affects Synolog...
CVE-2018-1160 is a critical vulnerability in Netatalk that allows remote unauthenticated attackers to execute arbitrary code due to an out-of-bounds write in dsi_opensess.c. It affects systems running...
An out-of-bounds write vulnerability in CGI components of Synology DiskStation Manager (DSM) and Unified Controller (DSMUC) allows remote attackers to cause denial-of-service attacks. This affects Syn...
A missing authorization vulnerability in synocopy allows remote attackers to read arbitrary files on Synology DiskStation Manager systems. This affects DSM versions before 7.1.1-42962-8, 7.2.1-69057-7...
This vulnerability allows remote attackers to read arbitrary files on Synology DiskStation Manager (DSM) systems through improper input sanitization in the file sharing management component. Attackers...
This path traversal vulnerability in Synology DiskStation Manager's webapi component allows remote attackers to write arbitrary files to restricted directories. It affects Synology DSM versions before...
This is a heap-based buffer overflow vulnerability in Netatalk's DSI structure processing that allows unauthenticated attackers on the same network to execute arbitrary code on Synology DiskStation Ma...
This vulnerability allows authenticated remote users to escalate privileges without authorization in Synology DiskStation Manager and Unified Controller. Attackers with valid credentials can gain high...
This CVE describes an improper certificate validation vulnerability in Synology BeeStation OS and DiskStation Manager update functionality. It allows remote attackers to write limited files via unspec...