Vulnerabilities > Synology > Diskstation Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-13284 | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2017-16774 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | 5.4 |
| 2018-12-24 | CVE-2018-8920 | Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | 7.2 |
| 2018-12-24 | CVE-2018-8919 | Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | 9.8 |
| 2018-12-24 | CVE-2018-8917 | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 5.4 |
| 2018-12-20 | CVE-2018-1160 | Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. | 9.8 |
| 2018-10-31 | CVE-2018-13281 | Information Exposure vulnerability in Synology Diskstation Manager, Skynas and Vs960Hd Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | 4.3 |
| 2018-07-30 | CVE-2018-13280 | Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | 5.9 |
| 2018-06-08 | CVE-2018-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | 8.8 |
| 2018-06-08 | CVE-2017-12075 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | 7.2 |