GCVE - cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*

part: a version: 5.2 update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Diskstation Manager (`db429775-8112-5c04-a3e0-3177c21cf9b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-3870`	vulnerable	2026-06-03 14:40:27.721553	Details available MEDIUM (6.1) A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Published: 2019-04-09T15:17:43.000Z Updated: 2024-08-04T19:19:18.603Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ https://www.samba.org/samba/security/CVE-2019-3870.html https://bugzilla.samba.org/show_bug.cgi?id=13834 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7184`	vulnerable	2026-06-03 14:39:01.590200	Details available ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. Published: 2018-03-06T20:00:00.000Z Updated: 2024-08-05T06:24:11.248Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html http://www.securityfocus.com/bid/103192 https://security.gentoo.org/glsa/201805-12 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.netapp.com/advisory/ntap-20180626-0001/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-13281`	vulnerable	2026-06-03 14:38:10.401444	Details available MEDIUM (4.3) Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Published: 2018-10-31T16:00:00.000Z Updated: 2024-09-16T23:56:58.076Z Open on db.gcve.eu Reference links https://www.synology.com/en-global/support/security/Synology_SA_18_36	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14491`	vulnerable	2026-06-03 14:36:39.329819	Details available Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Published: 2017-10-02T21:00:00.000Z Updated: 2024-08-05T19:27:40.755Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1039474 https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq http://www.debian.org/security/2017/dsa-3989 https://access.redhat.com/security/vulnerabilities/3199382 http://www.securityfocus.com/bid/101085	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.