Vulnerabilities (CVE)

Vendor filter

Synology Subscribe

Product filter

Diskstation Manager Subscribe

Filter

32 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-8920 1 Synology 1 Diskstation Manager 2019-10-09 6.5
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
CVE-2018-8919 1 Synology 1 Diskstation Manager 2019-10-09 5.0
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
CVE-2018-8917 1 Synology 1 Diskstation Manager 2019-10-09 3.5
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-8916 1 Synology 1 Diskstation Manager 2019-10-09 4.0
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVE-2018-1160 3 Synology, Debian, Netatalk Project 6 Skynas, Debian Linux, Vs960hd Firmware and 3 more 2019-10-09 10.0
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2018-13293 1 Synology 1 Diskstation Manager 2019-10-09 N/A
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVE-2018-13291 1 Synology 1 Diskstation Manager 2019-10-09 N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13286 1 Synology 1 Diskstation Manager 2019-10-09 4.0
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13284 1 Synology 1 Diskstation Manager 2019-10-09 N/A
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2018-13281 1 Synology 3 Diskstation Manager, Skynas, Vs960hd 2019-10-09 4.0
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
CVE-2018-13280 1 Synology 1 Diskstation Manager 2019-10-09 4.3
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
CVE-2017-16774 1 Synology 1 Diskstation Manager 2019-10-09 N/A
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
CVE-2017-16766 1 Synology 1 Diskstation Manager 2019-10-09 6.4
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2017-15894 1 Synology 1 Diskstation Manager 2019-10-09 4.0
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15889 1 Synology 1 Diskstation Manager 2019-10-09 6.5
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-12075 1 Synology 1 Diskstation Manager 2019-10-09 6.5
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2017-9553 1 Synology 1 Diskstation Manager 2019-10-03 4.3
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.
CVE-2018-8897 8 Citrix, Synology, Apple and 5 more 11 Xenserver, Skynas, Mac Os X and 8 more 2019-10-03 7.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions...
CVE-2018-7170 4 Ntp, Synology, Slackware and 1 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-10-03 3.5
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via...
CVE-2019-9516 6 Apache, Apple, Synology and 3 more 8 Traffic Server, Swiftnio, Diskstation Manager and 5 more 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or...