Synology

Diskstation Manager

94 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.8%
  • Veröffentlicht 24.12.2018 15:29:00
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

  • EPSS 1.44%
  • Veröffentlicht 24.12.2018 15:29:00
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

Exploit
  • EPSS 86.54%
  • Veröffentlicht 20.12.2018 21:29:00
  • Zuletzt bearbeitet 13.02.2026 20:16:11

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio...

  • EPSS 1.18%
  • Veröffentlicht 31.10.2018 16:29:00
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

  • EPSS 0.63%
  • Veröffentlicht 30.07.2018 14:29:03
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

  • EPSS 0.98%
  • Veröffentlicht 08.06.2018 13:29:01
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

  • EPSS 1.94%
  • Veröffentlicht 08.06.2018 13:29:00
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

Exploit
  • EPSS 18.26%
  • Veröffentlicht 08.05.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:33

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that ...

  • EPSS 9.24%
  • Veröffentlicht 06.03.2018 20:29:01
  • Zuletzt bearbeitet 14.01.2025 19:29:55

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...

  • EPSS 8.86%
  • Veröffentlicht 06.03.2018 20:29:01
  • Zuletzt bearbeitet 14.01.2025 19:29:55

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset ...