Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Diskstation_manager
(Synology)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-20 | CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware | 9.8 | ||
| 2018-12-24 | CVE-2018-8917 | Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | Diskstation_manager | 5.4 | ||
| 2018-12-24 | CVE-2018-8919 | Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | Diskstation_manager | 9.8 | ||
| 2018-12-24 | CVE-2018-8920 | Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | Diskstation_manager | 7.2 | ||
| 2019-04-01 | CVE-2017-16774 | Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | Diskstation_manager | 5.4 | ||
| 2019-04-01 | CVE-2018-13284 | Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | Diskstation_manager | 8.8 | ||
| 2019-04-01 | CVE-2018-13286 | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | Diskstation_manager | 6.5 | ||
| 2019-04-01 | CVE-2018-13291 | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | Diskstation_manager | 4.3 | ||
| 2019-04-01 | CVE-2018-13293 | Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | Diskstation_manager | 5.4 | ||
| 2019-04-09 | CVE-2019-3870 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is... | Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware | 6.1 |