Filtered by vendor Synology Subscriptions
Filtered by product Diskstation Manager Subscriptions
Total 95 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-5753 14 Arm, Canonical, Debian and 11 more 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more 2024-11-21 5.6 Medium
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-16774 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
CVE-2017-16766 1 Synology 1 Diskstation Manager 2024-11-21 N/A
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2017-15894 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15889 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-14491 13 Arista, Arubanetworks, Canonical and 10 more 35 Eos, Arubaos, Ubuntu Linux and 32 more 2024-11-21 9.8 Critical
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-12076 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-12075 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2015-4655 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
CVE-2015-2809 1 Synology 1 Diskstation Manager 2024-11-21 N/A
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
CVE-2014-2264 1 Synology 1 Diskstation Manager 2024-11-21 N/A
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2013-6987 1 Synology 1 Diskstation Manager 2024-11-21 N/A
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
CVE-2013-6955 1 Synology 1 Diskstation Manager 2024-11-21 N/A
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
CVE-2012-1556 1 Synology 2 Diskstation Manager, Synology Photo Station 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
CVE-2024-10443 1 Synology 5 Beephotos, Beestation Os, Diskstation Manager and 2 more 2024-11-19 9.8 Critical
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.