Vulnerabilities > Synology > Diskstation Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-22 CVE-2017-16766 Injection vulnerability in Synology Diskstation Manager
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
network
low complexity
synology CWE-74
6.5
6.5
2017-12-08 CVE-2017-15894 Path Traversal vulnerability in Synology Diskstation Manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network
low complexity
synology CWE-22
6.5
6.5
2017-08-28 CVE-2017-12076 Resource Exhaustion vulnerability in Synology Diskstation Manager
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
network
low complexity
synology CWE-400
4.9
4.9
2017-07-24 CVE-2017-9554 Information Exposure vulnerability in Synology Diskstation Manager
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
network
low complexity
synology CWE-200
5.3
5.3