Vulnerabilities > Synology > Diskstation Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-01 | CVE-2015-2809 | Information Exposure vulnerability in Synology Diskstation Manager 3.0: The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | 5.0 |
2014-09-12 | CVE-2012-1556 | Cross-Site Scripting vulnerability in Synology Diskstation Manager and Synology Photo Station: Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | 4.3 |
2014-03-02 | CVE-2014-2264 | Information Exposure vulnerability in Synology Diskstation Manager 4.33810: The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | 7.8 |
2014-01-09 | CVE-2013-6955 | Permissions, Privileges, and Access Controls vulnerability in Synology Diskstation Manager: webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | 10.0 |
2013-12-31 | CVE-2013-6987 | Path Traversal vulnerability in Synology Diskstation Manager 4.33810: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. | 7.5 |