Diskstation_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Diskstation_manager
(Synology)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	88

Date	Id	Summary	Products	Score	Patch	Annotated
2019-04-01	CVE-2018-13293	Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.	Diskstation_manager	5.4
2019-04-09	CVE-2019-3870	A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is...	Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware	6.1
2020-01-21	CVE-2019-14907	All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as...	Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux, Storage, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas	6.5
2020-01-21	CVE-2019-19344	There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.	Ubuntu_linux, Leap, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas	6.5
2020-10-29	CVE-2020-27648	Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	Diskstation_manager, Skynas_firmware	9.0
2020-10-29	CVE-2020-27650	Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.	Diskstation_manager, Skynas_firmware	3.7
2020-10-29	CVE-2020-27652	Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.	Diskstation_manager, Skynas_firmware	8.3
2020-10-29	CVE-2020-27653	Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.	Diskstation_manager, Router_manager	8.3
2020-10-29	CVE-2020-27656	Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.	Diskstation_manager	3.7
2021-02-26	CVE-2021-26560	Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	7.4