Filtered by vendor Synology
Subscriptions
Filtered by product Diskstation Manager
Subscriptions
Total
95 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2024-11-21 | 5.6 Medium |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | ||||
CVE-2017-16766 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | ||||
CVE-2017-15894 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2017-15889 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | ||||
CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 35 Eos, Arubaos, Ubuntu Linux and 32 more | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | ||||
CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
CVE-2017-12075 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | ||||
CVE-2015-4655 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | ||||
CVE-2015-2809 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | ||||
CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | ||||
CVE-2013-6987 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. | ||||
CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | N/A |
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | ||||
CVE-2012-1556 | 1 Synology | 2 Diskstation Manager, Synology Photo Station | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | ||||
CVE-2024-10443 | 1 Synology | 5 Beephotos, Beestation Os, Diskstation Manager and 2 more | 2024-11-19 | 9.8 Critical |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. |