Synology

DiskStation Manager

93 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 10.39%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f...

  • EPSS 4.56%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...

Exploit
  • EPSS 0.46%
  • Published 09.04.2019 16:29:01
  • Last modified 14.01.2025 19:29:55

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700,...

  • EPSS 0.19%
  • Published 01.04.2019 15:29:00
  • Last modified 14.01.2025 19:29:55

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

  • EPSS 0.24%
  • Published 01.04.2019 15:29:00
  • Last modified 14.01.2025 19:29:55

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • EPSS 0.22%
  • Published 01.04.2019 15:29:00
  • Last modified 14.01.2025 19:29:55

Incorrect default permissions vulnerability in synouser.conf in Synology DiskStation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • EPSS 0.55%
  • Published 01.04.2019 15:29:00
  • Last modified 14.01.2025 19:29:55

Command injection vulnerability in ftpd in Synology DiskStation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

  • EPSS 0.23%
  • Published 01.04.2019 15:29:00
  • Last modified 14.01.2025 19:29:55

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.

  • EPSS 0.26%
  • Published 24.12.2018 15:29:00
  • Last modified 14.01.2025 19:29:55

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

  • EPSS 0.19%
  • Published 24.12.2018 15:29:00
  • Last modified 14.01.2025 19:29:55

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.