Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
diskstation manager vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-9554
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) prior to 6.1.3-15152 allows remote malicious users to enumerate valid usernames via unspecified vectors.
Synology Diskstation Manager
1 EDB exploit
2 Github repositories
6.5
CVSSv2
CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 prior to 2.2.7.1 allow local malicious users to execute arbitrary code via filename and pathname options.
Synology Diskstation Manager
Synology Vs960hd Firmware -
Synology Skynas Firmware -
Synology Diskstation Manager Unified Controller 3.0
Faad2 Project Faad2
5.1
CVSSv2
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
7.8
CVSSv2
CVE-2014-2264
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote malicious users to obtain access via a VPN session.
Synology Diskstation Manager 4.3-3810
7.5
CVSSv2
CVE-2013-6987
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) prior to 4.3-3810 Update 3 allow remote malicious users to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (...
Synology Diskstation Manager 4.3-3810
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2020-27648
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Diskstation Manager
Synology Skynas Firmware
5.1
CVSSv2
CVE-2020-27652
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Diskstation Manager
Synology Skynas Firmware
1 Github repository
4.3
CVSSv2
CVE-2020-27650
Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Diskstation Manager
Synology Skynas Firmware
3.5
CVSSv2
CVE-2018-7170
ntpd in ntp 4.2.x prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issu...
Ntp Ntp 4.2.8
Ntp Ntp
Synology Diskstation Manager
Synology Router Manager
Synology Skynas
Synology Virtual Diskstation Manager
Synology Vs960hd Firmware
Netapp Hci -
Netapp Solidfire -
Hpe Hpux-ntp
5
CVSSv2
CVE-2018-7184
ntpd in ntp 4.2.8p4 prior to 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote malicious users to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting ...
Ntp Ntp 4.2.8
Synology Skynas -
Synology Virtual Diskstation Manager -
Synology Router Manager 1.1
Synology Diskstation Manager 6.0
Synology Diskstation Manager 5.2
Synology Diskstation Manager 6.1
Synology Vs960hd Firmware -
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 14.2
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »