Product:

Diskstation_manager

(Synology)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 88
Date Id Summary Products Score Patch Annotated
2018-12-24 CVE-2018-8920 Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. Diskstation_manager 7.2
2021-02-26 CVE-2021-26565 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 5.9
2021-04-01 CVE-2021-29083 Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. Diskstation_manager 7.2
2021-03-12 CVE-2021-27647 Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Diskstation_manager 9.8
2021-03-12 CVE-2021-27646 Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Diskstation_manager 9.8
2020-10-29 CVE-2020-27648 Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Diskstation_manager, Skynas_firmware 9.0
2020-10-29 CVE-2020-27650 Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Diskstation_manager, Skynas_firmware 3.7
2020-10-29 CVE-2020-27656 Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. Diskstation_manager 3.7
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. Ubuntu_linux, Hpux\-Ntp, Hci, Solidfire, Ntp, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware N/A
2018-03-06 CVE-2018-7170 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. Hpux\-Ntp, Hci, Solidfire, Ntp, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware N/A