Diskstation_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Diskstation_manager
(Synology)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	88

Date	Id	Summary	Products	Score	Patch	Annotated
2018-07-30	CVE-2018-13280	Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.	Diskstation_manager	5.9
2018-10-31	CVE-2018-13281	Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.	Diskstation_manager, Skynas, Vs960hd	4.3
2018-12-20	CVE-2018-1160	Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.	Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware	9.8
2018-12-24	CVE-2018-8917	Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.	Diskstation_manager	5.4
2018-12-24	CVE-2018-8919	Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.	Diskstation_manager	9.8
2018-12-24	CVE-2018-8920	Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.	Diskstation_manager	7.2
2019-04-01	CVE-2017-16774	Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.	Diskstation_manager	5.4
2019-04-01	CVE-2018-13284	Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.	Diskstation_manager	8.8
2019-04-01	CVE-2018-13286	Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.	Diskstation_manager	6.5
2019-04-01	CVE-2018-13291	Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.	Diskstation_manager	4.3