Synology DiskStation Manager (DSM) 6.1.7-15284

CPE Details

Synology DiskStation Manager (DSM) 6.1.7-15284
synology
diskstation_manager
6.1.7-15284
2025-01-14
18h29 +00:00
2025-01-14
18h29 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:synology:diskstation_manager:6.1.7-15284:*:*:*:*:*:*:*

Informations

Vendor

synology

Product

diskstation_manager

Version

6.1.7-15284

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-0854 2024-01-24 10h08 +00:00 URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
5.4
Moyen
CVE-2022-27622 2022-10-25 16h30 +00:00 Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.
4.3
Moyen
CVE-2022-27623 2022-10-25 16h30 +00:00 Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
9.1
Critique
CVE-2022-3576 2022-10-20 05h50 +00:00 A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
7.5
Haute
CVE-2022-27624 2022-10-20 05h50 +00:00 A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
10
Critique
CVE-2022-27625 2022-10-20 05h50 +00:00 A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
10
Critique
CVE-2022-27626 2022-10-20 05h50 +00:00 A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
10
Critique
CVE-2022-22684 2022-07-28 06h25 +00:00 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
8.8
Haute
CVE-2021-33182 2021-06-01 09h50 +00:00 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
5
Moyen
CVE-2021-29088 2021-06-01 09h45 +00:00 Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
7.8
Haute
CVE-2021-29083 2021-04-01 05h20 +00:00 Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
7.2
Haute
CVE-2021-27646 2021-03-12 06h45 +00:00 Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
9.8
Critique
CVE-2021-26569 2021-03-12 06h40 +00:00 Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
9.8
Critique
CVE-2021-27647 2021-03-12 06h35 +00:00 Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
9.8
Critique
CVE-2021-26567 2021-02-26 21h45 +00:00 Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
7.8
Haute
CVE-2021-26566 2021-02-26 21h45 +00:00 Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
9
Critique
CVE-2021-26565 2021-02-26 21h45 +00:00 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
8.3
Haute
CVE-2021-26564 2021-02-26 21h45 +00:00 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
8.7
Haute
CVE-2021-26563 2021-02-26 21h45 +00:00 Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
8.2
Haute
CVE-2021-26562 2021-02-26 21h45 +00:00 Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
9
Critique
CVE-2021-26561 2021-02-26 21h45 +00:00 Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
9
Critique
CVE-2021-26560 2021-02-26 21h45 +00:00 Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
9
Critique
CVE-2018-13293 2019-04-01 14h28 +00:00 Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
5.9
Moyen
CVE-2018-13291 2019-04-01 14h28 +00:00 Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
4.3
Moyen
CVE-2018-13286 2019-04-01 14h26 +00:00 Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
6.5
Moyen
CVE-2018-13284 2019-04-01 14h26 +00:00 Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
8.8
Haute
CVE-2018-1160 2018-12-20 21h00 +00:00 Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
9.8
Critique
CVE-2018-13281 2018-10-31 16h00 +00:00 Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
4.3
Moyen
CVE-2018-13280 2018-07-30 12h00 +00:00 Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
7.4
Haute
CVE-2017-12075 2018-06-08 13h00 +00:00 Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
7.2
Haute
CVE-2018-8916 2018-06-08 13h00 +00:00 Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
8.8
Haute
CVE-2017-5753 2018-01-04 13h00 +00:00 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
Moyen