Diskstation_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Diskstation_manager
(Synology)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	88

Date	Id	Summary	Products	Score	Patch	Annotated
2019-04-01	CVE-2018-13293	Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.	Diskstation_manager	5.4
2019-04-01	CVE-2018-13291	Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.	Diskstation_manager	4.3
2019-04-01	CVE-2018-13286	Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.	Diskstation_manager	6.5
2019-04-01	CVE-2018-13284	Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.	Diskstation_manager	8.8
2018-10-31	CVE-2018-13281	Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.	Diskstation_manager, Skynas, Vs960hd	4.3
2018-07-30	CVE-2018-13280	Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.	Diskstation_manager	5.9
2019-04-01	CVE-2017-16774	Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.	Diskstation_manager	5.4
2017-12-22	CVE-2017-16766	An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.	Diskstation_manager	6.5
2017-12-08	CVE-2017-15894	Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.	Diskstation_manager	6.5
2018-06-08	CVE-2017-12075	Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.	Diskstation_manager	7.2