U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:synology:diskstation_manager:5.2-5565:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 43 matching records.
Displaying matches 41 through 43.
Vuln ID Summary CVSS Severity
CVE-2017-9554

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.

Published: July 24, 2017; 4:29:00 PM -0400
V4.0:(not available)
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-9553

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

Published: July 24, 2017; 4:29:00 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2015-4655

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

Published: June 18, 2015; 2:59:06 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM