Product:

Diskstation_manager

(Synology)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 88
Date Id Summary Products Score Patch Annotated
2019-04-01 CVE-2018-13293 Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. Diskstation_manager 5.4
2019-04-01 CVE-2018-13291 Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. Diskstation_manager 4.3
2019-04-01 CVE-2018-13286 Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Diskstation_manager 6.5
2019-04-01 CVE-2018-13284 Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Diskstation_manager 8.8
2018-10-31 CVE-2018-13281 Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Diskstation_manager, Skynas, Vs960hd 4.3
2018-07-30 CVE-2018-13280 Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. Diskstation_manager 5.9
2019-04-01 CVE-2017-16774 Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. Diskstation_manager 5.4
2017-12-22 CVE-2017-16766 An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. Diskstation_manager 6.5
2017-12-08 CVE-2017-15894 Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Diskstation_manager 6.5
2018-06-08 CVE-2017-12075 Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. Diskstation_manager 7.2