Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

4 matches found

CVE•added 2018/12/20 9:29 p.m.•605 views

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

10CVSS9.6AI score0.88939EPSS

CVE•added 2018/12/24 3:29 p.m.•46 views

CVE-2018-8917

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

6.5CVSS5.4AI score0.00187EPSS

CVE•added 2018/12/24 3:29 p.m.•46 views

CVE-2018-8919

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

9.8CVSS9.1AI score0.00262EPSS

CVE•added 2018/12/24 3:29 p.m.•44 views

CVE-2018-8920

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

7.2CVSS7AI score0.004EPSS