Vulnerabilidades em Synology
294 resultadosCVE-2021-43929MEDIUMImproper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in EPSS 0.6%CVE-2024-29227MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in EPSS 0.6%CVE-2024-29230MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi componEPSS 0.6%CVE-2024-29234MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in SynologEPSS 0.6%CVE-2024-29237MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in EPSS 0.6%CVE-2024-29235MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in SEPSS 0.6%CVE-2024-29239MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi compoEPSS 0.6%CVE-2024-29238MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component iEPSS 0.6%CVE-2024-29232MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in SynologEPSS 0.6%CVE-2024-29233MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in SynoloEPSS 0.6%CVE-2024-29236MEDIUMImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component iEPSS 0.6%CVE-2020-27657MEDIUMCleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-mEPSS 0.6%CVE-2020-27650MEDIUMSynology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makesEPSS 0.6%CVE-2020-27656MEDIUMCleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-EPSS 0.5%CVE-2022-49037MEDIUMInsertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allowEPSS 0.5%CVE-2024-4464HIGHAuthorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 andEPSS 0.5%CVE-2025-13392HIGHImproper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3EPSS 0.5%CVE-2024-47264MEDIUMImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology ActiEPSS 0.5%CVE-2024-39347MEDIUMIncorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8EPSS 0.5%CVE-2023-52946HIGHBuffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client beforEPSS 0.5%