Vulnerabilidades en Synology
294 resultadosCVE-2021-26563HIGHIncorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to eEPSS 0.5%CVE-2022-22682MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar EPSS 0.5%CVE-2025-14713HIGHAn Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote atEPSS 0.5%CVE-2025-1021HIGHMissing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 EPSS 0.5%CVE-2017-11159—Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attaEPSS 0.4%CVE-2024-47266LOWImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology AcEPSS 0.4%CVE-2024-5463MEDIUMA vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. EPSS 0.4%CVE-2025-29845MEDIUMA vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.EPSS 0.4%CVE-2025-29844MEDIUMA vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.EPSS 0.4%CVE-2017-11158—Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attEPSS 0.4%CVE-2024-45539HIGHOut-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology EPSS 0.4%CVE-2023-52943MEDIUMIncorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 aEPSS 0.4%CVE-2025-2848MEDIUMA vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some nonEPSS 0.4%CVE-2023-52944MEDIUMIncorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 alloEPSS 0.4%CVE-2024-0854MEDIUMURL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.EPSS 0.4%CVE-2025-54159HIGHMissing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrEPSS 0.4%CVE-2025-30028HIGHA vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.EPSS 0.4%CVE-2024-47265MEDIUMImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in SynoEPSS 0.4%CVE-2024-10445MEDIUMImproper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskEPSS 0.4%CVE-2025-29843MEDIUMA vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.EPSS 0.3%