Synology vulnerabilities
294 results

CVE-2017-15889 | — | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to ex | EPSS 72.5%
CVE-2017-11155 | — | An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtai | EPSS 44.6%
CVE-2016-10329 | — | Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code v | EPSS 40.4%
CVE-2024-10443 | CRITICAL | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synolo | EPSS 28.4%
CVE-2024-50629 | MEDIUM | Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology | EPSS 27.0%
CVE-2017-11151 | — | A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary | EPSS 25.3%
CVE-2024-50631 | HIGH | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology | EPSS 24.9%
CVE-2024-50630 | HIGH | Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, | EPSS 22.7%
CVE-2017-11153 | — | Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers | EPSS 19.1%
CVE-2022-43931 | CRITICAL | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote | EPSS 16.8%
CVE-2017-11154 | — | Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote atta | EPSS 14.2%
CVE-2017-11152 | — | Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers | EPSS 13.9%
CVE-2020-27659 | HIGH | Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web | EPSS 5.1%
CVE-2020-27654 | CRITICAL | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary | EPSS 4.6%
CVE-2020-27660 | CRITICAL | SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL command | EPSS 4.6%
CVE-2016-6554 | — | Synology NAS servers DS107, DS116, and DS213, use default credentials | EPSS 4.1%
CVE-2021-27646 | CRITICAL | Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers | EPSS 3.8%
CVE-2017-16772 | — | Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allo | EPSS 3.2%
CVE-2021-27647 | CRITICAL | Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attack | EPSS 3.1%
CVE-2021-27648 | CRITICAL | Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-280 | EPSS 2.8%