Synology Vulnerabilities
294 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2018-8921 | MEDIUM | Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users | 0.8% |
| CVE-2018-8923 | MEDIUM | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users | 0.8% |
| CVE-2024-29229 | HIGH | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 a | 0.8% |
| CVE-2024-29228 | HIGH | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 all | 0.8% |
| CVE-2017-9555 | — | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to in | 0.8% |
| CVE-2017-9556 | — | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated at | 0.8% |
| CVE-2017-15890 | — | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to in | 0.8% |
| CVE-2022-27612 | HIGH | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4 | 0.8% |
| CVE-2021-34811 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote | 0.8% |
| CVE-2020-27651 | MEDIUM | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easi | 0.8% |
| CVE-2023-41740 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SR | 0.8% |
| CVE-2022-27614 | MEDIUM | Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows rem | 0.8% |
| CVE-2024-29241 | CRITICAL | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows rem | 0.8% |
| CVE-2022-27623 | HIGH | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7. | 0.8% |
| CVE-2018-8929 | HIGH | Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-022 | 0.8% |
| CVE-2022-27617 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before | 0.8% |
| CVE-2017-16766 | — | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 a | 0.7% |
| CVE-2023-41739 | MEDIUM | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote aut | 0.7% |
| CVE-2018-8925 | HIGH | Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows rem | 0.7% |
| CVE-2023-47803 | MEDIUM | A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings f | 0.7% |