Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology diskstation manager vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2020-27650
Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Diskstation Manager
Synology Skynas Firmware
3.7
CVSSv3
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to eavesdrop authentication information of DNSExit via unspecified vectors.
Synology Diskstation Manager
NA
CVE-2015-4655
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) prior to 5.2-5565 Update 1 allows remote malicious users to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
Synology Diskstation Manager
NA
CVE-2015-2809
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) prior to 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote malicious users to cause a denial of service (traffic amplification) or obtain potent...
Synology Diskstation Manager
NA
CVE-2012-1556
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote malicious users to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
Synology Diskstation Manager 3.2-1955
Synology Synology Photo Station 5
1 EDB exploit
NA
CVE-2014-2264
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote malicious users to obtain access via a VPN session.
Synology Diskstation Manager 4.3-3810
NA
CVE-2013-6955
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 prior to 4.0-2259, 4.2 prior to 4.2-3243, and 4.3 prior to 4.3-3810 Update 1 allows remote malicious users to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPL...
Synology Diskstation Manager 4.3
Synology Diskstation Manager 4.2
Synology Diskstation Manager 4.0
Synology Diskstation Manager 4.3-3810
1 EDB exploit
NA
CVE-2013-6987
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) prior to 4.3-3810 Update 3 allow remote malicious users to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (...
Synology Diskstation Manager 4.3-3810
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9