CVE-2018-7170
- EPSS 2.76%
- Veröffentlicht 06.03.2018 20:29:01
- Zuletzt bearbeitet 14.01.2025 19:29:55
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sy...
CVE-2017-5753
- EPSS 93.84%
- Veröffentlicht 04.01.2018 13:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:25
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-16766
- EPSS 0.74%
- Veröffentlicht 22.12.2017 14:29:13
- Zuletzt bearbeitet 13.05.2026 00:24:29
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2017-15894
- EPSS 1.97%
- Veröffentlicht 08.12.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15889
- EPSS 72.45%
- Veröffentlicht 04.12.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-14491
- EPSS 84.93%
- Veröffentlicht 04.10.2017 01:29:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-12076
- EPSS 1.43%
- Veröffentlicht 28.08.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack...
CVE-2017-9554
- EPSS 75.02%
- Veröffentlicht 24.07.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-9553
- EPSS 1.43%
- Veröffentlicht 24.07.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.
CVE-2015-4655
- EPSS 1.45%
- Veröffentlicht 18.06.2015 18:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.