Product: Diskstation_manager (Synology)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 88
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-24 | CVE-2018-8917 | Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | Diskstation_manager | 5.4 | | |
| 2018-06-08 | CVE-2018-8916 | Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | Diskstation_manager | 8.8 | | |
| 2019-04-01 | CVE-2018-13293 | Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | Diskstation_manager | 5.4 | | |
| 2019-04-01 | CVE-2018-13291 | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | Diskstation_manager | 4.3 | | |
| 2019-04-01 | CVE-2018-13286 | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | Diskstation_manager | 6.5 | | |
| 2019-04-01 | CVE-2018-13284 | Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | Diskstation_manager | 8.8 | | |
| 2018-10-31 | CVE-2018-13281 | Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | Diskstation_manager, Skynas, Vs960hd | 4.3 | | |
| 2018-07-30 | CVE-2018-13280 | Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. | Diskstation_manager | 5.9 | | |
| 2019-04-01 | CVE-2017-16774 | Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | Diskstation_manager | 5.4 | | |
| 2017-12-22 | CVE-2017-16766 | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | Diskstation_manager | 6.5 | | |