VYPR

Disk Station

by Synology

CVEs (3)

  • CVE-2017-12076MedAug 28, 2017
    risk 0.32cvss 4.9epss 0.01

    Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

  • CVE-2010-3684Sep 29, 2010
    risk 0.00cvss epss 0.00

    The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

  • CVE-2010-2453Sep 29, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP…