VYPR

DiskStation Manager

by Synology

CVEs (77)

  • CVE-2021-26560 (Feb 26, 2021)
    risk 0.00 | cvss | epss 0.01

    Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

  • CVE-2020-27656 (Oct 29, 2020)
    risk 0.00 | cvss | epss 0.01

    Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

  • CVE-2020-27652 (Oct 29, 2020)
    risk 0.00 | cvss | epss 0.01

    Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

  • CVE-2020-27650 (Oct 29, 2020)
    risk 0.00 | cvss | epss 0.01

    Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

  • CVE-2020-27648 (Oct 29, 2020)
    risk 0.00 | cvss | epss 0.01

    Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2018-13293 (Apr 1, 2019)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

  • CVE-2018-13291 (Apr 1, 2019)
    risk 0.00 | cvss | epss 0.01

    Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • CVE-2018-13286 (Apr 1, 2019)
    risk 0.00 | cvss | epss 0.01

    Incorrect default permissions vulnerability in synouser.conf in Synology DiskStation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • CVE-2018-13284 (Apr 1, 2019)
    risk 0.00 | cvss | epss 0.02

    Command injection vulnerability in ftpd in Synology DiskStation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

  • CVE-2017-16774 (Apr 1, 2019)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.

  • CVE-2018-8917 (Dec 24, 2018)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

  • CVE-2018-8920 (Dec 24, 2018)
    risk 0.00 | cvss | epss 0.01

    Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

  • CVE-2018-8919 (Dec 24, 2018)
    risk 0.00 | cvss | epss 0.01

    Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

  • CVE-2018-13281 (Oct 31, 2018)
    risk 0.00 | cvss | epss 0.01

    Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

  • CVE-2015-4655 (Jun 18, 2015)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

  • CVE-2015-2809 (Apr 1, 2015)
    risk 0.00 | cvss | epss 0.04

    The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially…

  • CVE-2014-2264 (Mar 2, 2014)
    risk 0.00 | cvss | epss 0.02

    The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
