Diskstation Manager@* Security Vulnerabilities and Issues — Diskstation Manager@* CVE List

Lucene search

SynologyDiskstation Manager*

6 matches found

CVE•added 2017/12/04 7:29 p.m.•112 views

CVE-2017-15889

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

8.8CVSS8.4AI score0.62905EPSS

CVE•added 2017/07/24 8:29 p.m.•65 views

CVE-2017-9554

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

5.3CVSS5.3AI score0.63989EPSS

CVE•added 2017/12/08 4:29 p.m.•51 views

CVE-2017-15894

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

6.5CVSS6.2AI score0.00312EPSS

CVE•added 2017/12/22 2:29 p.m.•45 views

CVE-2017-16766

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

6.5CVSS6.2AI score0.00576EPSS

CVE•added 2017/08/28 7:29 p.m.•44 views

CVE-2017-12076

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

4.9CVSS4.9AI score0.00518EPSS

CVE•added 2017/07/24 8:29 p.m.•44 views

CVE-2017-9553

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

7.5CVSS7.5AI score0.00108EPSS