Vulnerabilities > Synology > Diskstation Manager > 5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-08 | CVE-2017-15894 | Path Traversal vulnerability in Synology Diskstation Manager Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 4.0 |
| 2017-12-04 | CVE-2017-15889 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | 6.5 |
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |
| 2017-08-28 | CVE-2017-12076 | Resource Exhaustion vulnerability in Synology Diskstation Manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 4.0 |
| 2017-07-24 | CVE-2017-9554 | Information Exposure vulnerability in Synology Diskstation Manager An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | 5.0 |
| 2017-07-24 | CVE-2017-9553 | Unspecified vulnerability in Synology Diskstation Manager A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. network synology | 4.3 |
| 2015-06-18 | CVE-2015-4655 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | 4.3 |