Synology

Diskstation Manager

93 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.6

CVE-2017-5753

Exploit
  • EPSS 94.33%
  • Veröffentlicht 04.01.2018 13:29:00
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

6.5

CVE-2017-16766

  • EPSS 0.38%
  • Veröffentlicht 22.12.2017 14:29:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

6.5

CVE-2017-15894

  • EPSS 0.4%
  • Veröffentlicht 08.12.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

8.8

CVE-2017-15889

  • EPSS 62.38%
  • Veröffentlicht 04.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

9.8

CVE-2017-14491

Exploit
  • EPSS 60.19%
  • Veröffentlicht 04.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

4.9

CVE-2017-12076

  • EPSS 0.47%
  • Veröffentlicht 28.08.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack...

5.3

CVE-2017-9554

  • EPSS 57.87%
  • Veröffentlicht 24.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

7.5

CVE-2017-9553

  • EPSS 0.13%
  • Veröffentlicht 24.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

4.3

CVE-2015-4655

Exploit
  • EPSS 0.36%
  • Veröffentlicht 18.06.2015 18:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

5

CVE-2015-2809

  • EPSS 1.64%
  • Veröffentlicht 01.04.2015 02:00:35
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplifica...