Show filters
300 Total Results
Displaying 121-130 of 300
Sort by:
Attacker Value
Unknown

CVE-2021-33183

Disclosure Date: May 26, 2021 (last updated February 22, 2025)
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Attacker Value
Unknown

CVE-2021-33182

Disclosure Date: May 26, 2021 (last updated February 22, 2025)
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
Attacker Value
Unknown

CVE-2021-33184

Disclosure Date: May 26, 2021 (last updated February 22, 2025)
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Attacker Value
Unknown

CVE-2021-31439

Disclosure Date: May 21, 2021 (last updated February 22, 2025)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
Attacker Value
Unknown

CVE-2021-29088

Disclosure Date: May 18, 2021 (last updated February 22, 2025)
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Attacker Value
Unknown

CVE-2021-27648

Disclosure Date: April 28, 2021 (last updated February 22, 2025)
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
Attacker Value
Unknown

CVE-2021-29083

Disclosure Date: April 01, 2021 (last updated February 22, 2025)
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
Attacker Value
Unknown

CVE-2021-27647

Disclosure Date: March 12, 2021 (last updated February 22, 2025)
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Attacker Value
Unknown

CVE-2021-27646

Disclosure Date: March 12, 2021 (last updated February 22, 2025)
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Attacker Value
Unknown

CVE-2021-26569

Disclosure Date: March 12, 2021 (last updated February 22, 2025)
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.