Synology Diskstation_manager_unified_controller

21 CVEs affecting Synology Diskstation_manager_unified_controller. Latest disclosed: 2025-12-04. Critical: 7, High: 10.

Top CVEs affecting Synology Diskstation_manager_unified_controller
CVESeverityScorePublishedSummary
CVE-2024-10442Critical10.02025-03-19Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified…
CVE-2022-22687Critical9.82022-03-25Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) befo…
CVE-2021-27649Critical9.82021-06-23Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute…
CVE-2024-45538Critical9.62025-12-04Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Uni…
CVE-2021-26562Critical9.02021-02-26Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execut…
CVE-2021-26561Critical9.02021-02-26Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers t…
CVE-2021-26560Critical9.02021-02-26Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-th…
CVE-2021-29085High8.62021-06-23Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synolo…
CVE-2021-26566High8.32021-02-26Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-midd…
CVE-2021-26565High8.32021-02-26Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle…
CVE-2021-26564High8.32021-02-26Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle…
CVE-2021-26563High8.22021-02-26Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary co…
CVE-2021-26567High7.82021-02-26Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname…
CVE-2021-3156High7.82021-01-26Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" a…
CVE-2024-45539High7.52025-12-04Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller…
CVE-2021-29087High7.52021-06-23Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6…
CVE-2021-29084High7.52021-06-23Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management componen…
CVE-2023-0142Medium6.52023-06-13Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and…
CVE-2023-2729Medium5.92023-06-13Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attacke…
CVE-2021-29086Medium5.32021-06-23Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows…