6.1.7.15284.1

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-26	CVE-2021-26560	Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. network synology CWE-319	5.8
2019-04-01	CVE-2018-13293	Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. network synology CWE-79	3.5
2019-04-01	CVE-2018-13291	Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. network low complexity synology CWE-200	4.0
2018-12-20	CVE-2018-1160	Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. network low complexity netatalk synology debian CWE-787 critical	9.8
2018-10-31	CVE-2018-13281	Information Exposure vulnerability in Synology Diskstation Manager, Skynas and Vs960Hd Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. network low complexity synology CWE-200	4.0
2018-07-30	CVE-2018-13280	Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. network synology CWE-330	4.3
2018-06-08	CVE-2018-8916	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. network low complexity synology CWE-640	4.0
2018-06-08	CVE-2017-12075	Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. network low complexity synology CWE-77	6.5
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	4.7