
CVE-2024-50629
https://notcve.org/view.php?id=CVE-2024-50629
19 Mar 2025 — Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to read limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-116: Improper Encoding or Escaping of Output

CVE-2024-10445
https://notcve.org/view.php?id=CVE-2024-10445
19 Mar 2025 — Improper certificate validation vulnerability in the update functionality in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to write limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-295: Improper Certificate Validation

CVE-2024-10441
https://notcve.org/view.php?id=CVE-2024-10441
19 Mar 2025 — Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. • https://github.com/hazzzein/CVE-2024-10441 • CWE-116: Improper Encoding or Escaping of Output

CVE-2024-10444
https://notcve.org/view.php?id=CVE-2024-10444
19 Mar 2025 — Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_01 • CWE-295: Improper Certificate Validation

CVE-2024-0854
https://notcve.org/view.php?id=CVE-2024-0854
24 Jan 2024 — URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_02 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2023-2729
https://notcve.org/view.php?id=CVE-2023-2729
13 Jun 2023 — Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_07

CVE-2023-0142
https://notcve.org/view.php?id=CVE-2023-0142
13 Jun 2023 — Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified ... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_05 • CWE-427: Uncontrolled Search Path Element

CVE-2022-27622
https://notcve.org/view.php?id=CVE-2022-27622
25 Oct 2022 — Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-27623
https://notcve.org/view.php?id=CVE-2022-27623
25 Oct 2022 — Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-306: Missing Authentication for Critical Function

CVE-2022-3576
https://notcve.org/view.php?id=CVE-2022-3576
20 Oct 2022 — A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-125: Out-of-bounds Read