6.1.7.15284.3

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-26	CVE-2021-26561	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology products Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. network high complexity synology CWE-119	8.1
2021-02-26	CVE-2021-26560	Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. network high complexity synology CWE-319	7.4
2019-04-01	CVE-2018-13293	Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. network low complexity synology CWE-79	5.4
2019-04-01	CVE-2018-13291	Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. network low complexity synology CWE-200	4.3
2018-07-30	CVE-2018-13280	Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. network high complexity synology CWE-330	5.9
2018-06-08	CVE-2018-8916	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. network low complexity synology CWE-640	8.8
2018-06-08	CVE-2017-12075	Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. network low complexity synology CWE-77	7.2
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6