Diskstation Manager Unified Controller Synology Diskstation Manager Unified Controller

Do you want an email whenever new security vulnerabilities are reported in Synology Diskstation Manager Unified Controller?

By the Year

In 2024 there have been 0 vulnerabilities in Synology Diskstation Manager Unified Controller . Last year Diskstation Manager Unified Controller had 2 security vulnerabilities published. Right now, Diskstation Manager Unified Controller is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 7.80
2022 1 9.80
2021 6 7.93
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Diskstation Manager Unified Controller vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Synology Diskstation Manager Unified Controller Security Vulnerabilities

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561

CVE-2023-2729 7.5 - High - June 13, 2023

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

Use of Insufficiently Random Values

Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661

CVE-2023-0142 8.1 - High - June 13, 2023

Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

DLL preloading

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2022-22687 9.8 - Critical - March 25, 2022

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Classic Buffer Overflow

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2021-29087 7.5 - High - June 23, 2021

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

Directory traversal

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2021-29086 7.5 - High - June 23, 2021

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

Information Disclosure

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2021-29085 7.5 - High - June 23, 2021

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

Injection

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2021-29084 7.5 - High - June 23, 2021

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

Injection

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3

CVE-2021-27649 9.8 - Critical - June 23, 2021

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Dangling pointer

Sudo before 1.9.5p2 contains an off-by-one error

CVE-2021-3156 7.8 - High - January 26, 2021

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

off-by-five

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for NetApp Ontap Tools or by Synology? Click the Watch button to subscribe.

Synology
Vendor

subscribe