Synology

Diskstation Manager

85 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2018-8920

  • EPSS 0.4%
  • Published 24.12.2018 15:29:00
  • Last modified 14.01.2025 19:29:55

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

9.8

CVE-2018-8919

  • EPSS 0.26%
  • Published 24.12.2018 15:29:00
  • Last modified 14.01.2025 19:29:55

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

5.4

CVE-2018-8917

  • EPSS 0.19%
  • Published 24.12.2018 15:29:00
  • Last modified 14.01.2025 19:29:55

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

10

CVE-2018-1160

Exploit
  • EPSS 88.81%
  • Published 20.12.2018 21:29:00
  • Last modified 14.01.2025 19:29:55

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio...

4.3

CVE-2018-13281

  • EPSS 0.13%
  • Published 31.10.2018 16:29:00
  • Last modified 14.01.2025 19:29:55

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

5.9

CVE-2018-13280

  • EPSS 0.12%
  • Published 30.07.2018 14:29:03
  • Last modified 14.01.2025 19:29:55

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

8.8

CVE-2018-8916

  • EPSS 0.16%
  • Published 08.06.2018 13:29:01
  • Last modified 14.01.2025 19:29:55

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

7.2

CVE-2017-12075

  • EPSS 5.65%
  • Published 08.06.2018 13:29:00
  • Last modified 14.01.2025 19:29:55

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

7.8

CVE-2018-8897

Exploit
  • EPSS 23.21%
  • Published 08.05.2018 18:29:00
  • Last modified 21.11.2024 04:14:33

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that ...

7.5

CVE-2018-7185

  • EPSS 16.93%
  • Published 06.03.2018 20:29:01
  • Last modified 14.01.2025 19:29:55

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...