Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Diskstation Manager Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2015-2809

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information...

8.8AI Score

0.002EPSS

2015-04-01 02:00 AM
107
cve
cve

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS

6.1AI Score

0.976EPSS

2018-01-04 01:29 PM
891
9
cve
cve

CVE-2017-9554

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

5.3CVSS

5.3AI Score

0.03EPSS

2017-07-24 08:29 PM
52
cve
cve

CVE-2018-13293

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

5.9CVSS

5AI Score

0.001EPSS

2019-04-01 03:29 PM
33
cve
cve

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incom...

5.3CVSS

6.3AI Score

0.002EPSS

2018-03-06 08:29 PM
149
cve
cve

CVE-2020-27650

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

5.8CVSS

6.3AI Score

0.001EPSS

2020-10-29 09:15 AM
29
cve
cve

CVE-2021-33182

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.

5CVSS

5AI Score

0.001EPSS

2021-06-01 02:15 PM
33
4
cve
cve

CVE-2024-0854

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

5.4CVSS

5AI Score

0.0005EPSS

2024-01-24 10:15 AM
16