Synology vulnerabilities
294 results

CVE | Severity | Description | EPSS
CVE-2024-11131 | CRITICAL | A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via uns | EPSS 0.7%
CVE-2020-27648 | HIGH | Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the | EPSS 0.7%
CVE-2020-27649 | HIGH | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle | EPSS 0.7%
CVE-2019-11828 | MEDIUM | Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary | EPSS 0.7%
CVE-2022-43748 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto | EPSS 0.7%
CVE-2016-10330 | — | Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local us | EPSS 0.7%
CVE-2021-26560 | CRITICAL | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426 | EPSS 0.7%
CVE-2023-41741 | MEDIUM | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346 | EPSS 0.7%
CVE-2024-29240 | MEDIUM | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows | EPSS 0.7%
CVE-2021-26565 | HIGH | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allow | EPSS 0.7%
CVE-2024-39350 | HIGH | A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to o | EPSS 0.7%
CVE-2022-27622 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allo | EPSS 0.7%
CVE-2024-29231 | MEDIUM | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 a | EPSS 0.7%
CVE-2024-11398 | HIGH | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router M | EPSS 0.6%
CVE-2018-13280 | HIGH | Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 all | EPSS 0.6%
CVE-2022-27621 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before | EPSS 0.6%
CVE-2015-9104 | — | Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated | EPSS 0.6%
CVE-2022-43749 | MEDIUM | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote auth | EPSS 0.6%
CVE-2025-29846 | HIGH | A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages. | EPSS 0.6%
CVE-2021-26564 | HIGH | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allow | EPSS 0.6%