Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

8 matches found

CVE•added 2018/01/04 1:29 p.m.•1020 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94332EPSS

CVE•added 2018/03/06 8:29 p.m.•172 views

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incom...

5.3CVSS6.3AI score0.02063EPSS

CVE•added 2015/04/01 2:0 a.m.•133 views

CVE-2015-2809

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information...

5CVSS8.8AI score0.01103EPSS

CVE•added 2017/07/24 8:29 p.m.•65 views

CVE-2017-9554

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

5.3CVSS5.3AI score0.63989EPSS

CVE•added 2020/10/29 9:15 a.m.•45 views

CVE-2020-27650

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

5.8CVSS6.3AI score0.00103EPSS

CVE•added 2019/04/01 3:29 p.m.•43 views

CVE-2018-13293

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

5.9CVSS5AI score0.0023EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2021-33182

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.

5CVSS5AI score0.00201EPSS

CVE•added 2024/01/24 10:15 a.m.•37 views

CVE-2024-0854

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

5.4CVSS5.1AI score0.0027EPSS