Product:

Diskstation_manager

(Synology)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 88
Date Id Summary Products Score Patch Annotated
2019-04-01 CVE-2018-13286 Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Diskstation_manager 6.5
2019-04-01 CVE-2018-13284 Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Diskstation_manager 8.8
2018-10-31 CVE-2018-13281 Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Diskstation_manager, Skynas, Vs960hd 4.3
2018-07-30 CVE-2018-13280 Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. Diskstation_manager 5.9
2019-04-01 CVE-2017-16774 Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. Diskstation_manager 5.4
2017-12-22 CVE-2017-16766 An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. Diskstation_manager 6.5
2017-12-08 CVE-2017-15894 Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Diskstation_manager 6.5
2018-06-08 CVE-2017-12075 Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. Diskstation_manager 7.2
2018-05-08 CVE-2018-8897 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs),... Mac_os_x, Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Enterprise_linux_server, Enterprise_linux_workstation, Enterprise_virtualization_manager, Diskstation_manager, Skynas, Xen 7.8
2017-07-24 CVE-2017-9554 An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. Diskstation_manager 5.3