Vulnerabilities > Synology > Diskstation Manager > 5.2.5565.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-1160 | Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. | 9.8 |
| 2018-07-30 | CVE-2018-13280 | Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | 5.9 |
| 2018-06-08 | CVE-2018-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | 8.8 |
| 2018-06-08 | CVE-2017-12075 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | 7.2 |
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | 7.5 |
| 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 5.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2017-12-08 | CVE-2017-15894 | Path Traversal vulnerability in Synology Diskstation Manager Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 6.5 |
| 2017-12-04 | CVE-2017-15889 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | 8.8 |
| 2017-08-28 | CVE-2017-12076 | Resource Exhaustion vulnerability in Synology Diskstation Manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 4.9 |