Vulnerabilities > Synology > Diskstation Manager > 4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-24 | CVE-2017-9553 | Unspecified vulnerability in Synology Diskstation Manager A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. network synology | 4.3 |
2015-06-18 | CVE-2015-4655 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | 4.3 |
2014-01-09 | CVE-2013-6955 | Permissions, Privileges, and Access Controls vulnerability in Synology Diskstation Manager webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | 10.0 |