
cpe:2.3:o:synology:diskstation_manager_unified_controller:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor: Synology (65464e9b-7339-559d-9719-837f074e0220)
Product: Diskstation Manager Unified Controller (86652503-9874-5495-a03f-3bdedaed71be)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-5401 vulnerable 2026-06-03 14:57:52.610662 Details available
MEDIUM (4.3)
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
Published: 2025-12-04T14:20:18.980Z
Updated: 2025-12-04T20:01:59.634Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45539 vulnerable 2026-06-03 14:56:56.957687 Details available
HIGH (7.5)
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
Published: 2025-12-04T14:17:50.895Z
Updated: 2025-12-04T20:02:07.895Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45538 vulnerable 2026-06-03 14:56:56.957120 Details available
CRITICAL (9.6)
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
Published: 2025-12-04T14:16:26.897Z
Updated: 2025-12-04T20:02:13.926Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-22687 vulnerable 2026-06-03 14:46:25.116754 Details available
CRITICAL (9.8)
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Published: 2022-03-25T06:55:17.763Z
Updated: 2024-09-16T16:28:18.145Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29087 vulnerable 2026-06-03 14:44:19.618088 Details available
HIGH (7.5)
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
Published: 2021-06-23T09:55:11.434Z
Updated: 2024-09-16T19:57:04.894Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29086 vulnerable 2026-06-03 14:44:19.617740 Details available
MEDIUM (5.3)
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
Published: 2021-06-23T09:50:12.188Z
Updated: 2024-09-17T03:38:00.885Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29085 vulnerable 2026-06-03 14:44:19.617401 Details available
HIGH (8.6)
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
Published: 2021-06-23T09:55:15.837Z
Updated: 2024-09-16T21:08:10.641Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29084 vulnerable 2026-06-03 14:44:19.617043 Details available
HIGH (7.5)
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
Published: 2021-06-23T09:55:20.735Z
Updated: 2024-09-16T23:10:23.988Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-27649 vulnerable 2026-06-03 14:44:16.434201 Details available
CRITICAL (9.8)
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Published: 2021-06-23T09:50:17.135Z
Updated: 2024-09-16T23:05:41.826Z
Imported from gcve-enriched-dumps CVE data
