Synology DiskStation Manager (DSM) 7.1
cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
part: o version: 7.1 update: *
| Vendor | Synology (65464e9b-7339-559d-9719-837f074e0220) |
|---|---|
| Product | Diskstation Manager (db429775-8112-5c04-a3e0-3177c21cf9b4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-2848 | not_vulnerable | 2026-06-03 15:00:26.660596 | MEDIUM (6.3). A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. Published: 2025-12-04T15:05:20.861Z; Updated: 2025-12-04T20:01:25.611Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47266 | not_vulnerable | 2026-06-03 14:57:00.921119 | LOW (2.7). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. Published: 2025-02-13T06:26:06.229Z; Updated: 2025-02-13T15:54:15.268Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47265 | not_vulnerable | 2026-06-03 14:57:00.920735 | MEDIUM (6.5). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors. Published: 2025-02-13T06:25:55.487Z; Updated: 2025-09-16T13:44:48.738Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47264 | not_vulnerable | 2026-06-03 14:57:00.918942 | MEDIUM (4.9). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. Published: 2025-02-13T06:25:31.750Z; Updated: 2025-02-18T17:21:29.800Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29241 | not_vulnerable | 2026-06-03 14:55:27.158911 | CRITICAL (9.9). Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors. Published: 2024-03-28T06:28:53.632Z; Updated: 2025-08-12T08:09:15.488Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29240 | not_vulnerable | 2026-06-03 14:55:27.158362 | MEDIUM (4.3). Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:28:38.385Z; Updated: 2025-08-01T04:55:21.100Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29239 | not_vulnerable | 2026-06-03 14:55:27.157661 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:28:31.235Z; Updated: 2025-08-01T04:53:34.132Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29238 | not_vulnerable | 2026-06-03 14:55:27.157093 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:28:14.399Z; Updated: 2025-08-01T04:52:14.346Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29237 | not_vulnerable | 2026-06-03 14:55:27.156654 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:27:39.249Z; Updated: 2025-08-01T04:50:52.275Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29236 | not_vulnerable | 2026-06-03 14:55:27.156206 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:27:09.078Z; Updated: 2025-08-01T04:49:09.342Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29235 | not_vulnerable | 2026-06-03 14:55:27.155751 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:26:32.275Z; Updated: 2025-08-01T04:47:41.947Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29234 | not_vulnerable | 2026-06-03 14:55:27.155344 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:26:12.750Z; Updated: 2025-08-01T04:46:13.156Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29233 | not_vulnerable | 2026-06-03 14:55:27.154917 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:25:27.881Z; Updated: 2025-08-01T04:44:41.956Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29232 | not_vulnerable | 2026-06-03 14:55:27.154410 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:24:18.371Z; Updated: 2025-08-01T04:42:43.317Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29231 | not_vulnerable | 2026-06-03 14:55:27.153980 | MEDIUM (5.4). Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:23:39.710Z; Updated: 2025-08-13T13:36:05.455Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29230 | not_vulnerable | 2026-06-03 14:55:27.153566 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:22:54.365Z; Updated: 2025-08-01T04:36:18.221Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29229 | not_vulnerable | 2026-06-03 14:55:27.153121 | HIGH (7.7). Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: 2024-03-28T06:19:39.482Z; Updated: 2024-08-12T19:09:16.394Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29228 | not_vulnerable | 2026-06-03 14:55:27.152651 | HIGH (7.7). Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: 2024-03-28T06:13:20.333Z; Updated: 2024-08-02T01:10:55.441Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29227 | not_vulnerable | 2026-06-03 14:55:27.151168 | MEDIUM (5.4). Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. Published: 2024-03-28T06:08:34.641Z; Updated: 2025-08-01T03:46:55.183Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-10442 | not_vulnerable | 2026-06-03 14:54:11.726550 | CRITICAL (10). Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. Published: 2025-03-19T02:14:03.691Z; Updated: 2025-03-19T14:13:16.719Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-52944 | not_vulnerable | 2026-06-03 14:53:40.008814 | MEDIUM (4.3). Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. Published: 2024-12-04T07:05:32.103Z; Updated: 2024-12-04T14:09:11.434Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-52943 | not_vulnerable | 2026-06-03 14:53:40.007574 | MEDIUM (4.3). Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors. Published: 2024-12-04T07:04:36.932Z; Updated: 2024-12-04T14:09:11.579Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-27621 | not_vulnerable | 2026-06-03 14:46:53.083661 | MEDIUM (5.5). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Published: 2022-08-03T05:55:11.765Z; Updated: 2024-09-17T01:50:43.181Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-27620 | not_vulnerable | 2026-06-03 14:46:47.604464 | MEDIUM (6.8). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. Published: 2022-08-03T02:55:10.286Z; Updated: 2024-09-16T22:45:35.273Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-27618 | not_vulnerable | 2026-06-03 14:46:47.600827 | MEDIUM (6.8). Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. Published: 2022-08-03T02:20:13.652Z; Updated: 2024-09-16T17:03:10.482Z | Imported from gcve-enriched-dumps CVE data |