Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

11 matches found

CVE•added 2020/01/21 6:15 p.m.•406 views

CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authenti...

6.5CVSS6.5AI score0.05927EPSS

CVE•added 2020/01/21 6:15 p.m.•214 views

CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

6.5CVSS6.3AI score0.0213EPSS

CVE•added 2019/04/09 4:29 p.m.•90 views

CVE-2019-3870

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in som...

6.1CVSS6.1AI score0.00255EPSS

CVE•added 2020/10/29 9:15 a.m.•74 views

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

6.5CVSS6.1AI score0.00089EPSS

CVE•added 2022/02/07 3:15 a.m.•58 views

CVE-2022-22679

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.

6.5CVSS4.9AI score0.00338EPSS

CVE•added 2017/12/08 4:29 p.m.•51 views

CVE-2017-15894

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

6.5CVSS6.2AI score0.00312EPSS

CVE•added 2019/04/01 3:29 p.m.•48 views

CVE-2017-16774

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.

6.5CVSS5.1AI score0.00282EPSS

CVE•added 2018/12/24 3:29 p.m.•46 views

CVE-2018-8917

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

6.5CVSS5.4AI score0.00201EPSS

CVE•added 2017/12/22 2:29 p.m.•45 views

CVE-2017-16766

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

6.5CVSS6.2AI score0.00576EPSS

CVE•added 2019/04/01 3:29 p.m.•42 views

CVE-2018-13286

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

6.5CVSS5.9AI score0.0027EPSS

CVE•added 2022/02/07 3:15 a.m.•37 views

CVE-2021-43929

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5CVSS4.5AI score0.00196EPSS