CVE-2015-4655
- EPSS 0.34%
- Published 18.06.2015 18:59:06
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
- EPSS 1.64%
- Published 01.04.2015 02:00:35
- Last modified 12.04.2025 10:46:40
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplifica...
CVE-2014-2264
- EPSS 0.59%
- Published 02.03.2014 17:55:03
- Last modified 12.04.2025 10:46:40
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
- EPSS 83.31%
- Published 09.01.2014 18:07:04
- Last modified 11.04.2025 00:51:21
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathna...
CVE-2013-6987
- EPSS 28.92%
- Published 31.12.2013 16:04:23
- Last modified 11.04.2025 00:51:21
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter t...