Vulnerabilities in Synology

294 results

Vexday analysis

Com 294 CVEs catalogadas, o histórico da Synology apresenta taxa de exploração ativa abaixo da média geral do catálogo — nenhuma vulnerabilidade consta atualmente no CISA KEV —, o que sugere superfície de risco ativo relativamente contida em comparação ao universo de fornecedores monitorados. Ainda assim, 30 falhas classificadas como críticas e 6 com prova de conceito pública representam vetores concretos de ataque que exigem atenção contínua de equipes de patch management. O CVE mais perigoso em atividade, CVE-2017-15889, registra EPSS de 0,7245, indicando alta probabilidade estimada de exploração — sua antiguidade não reduz o risco, e ambientes que ainda não aplicaram a correção devem tratá-lo como prioridade imediata. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), somado às 25 CVEs surgidas nos últimos 90 dias, reforça a necessidade de ciclos de remediação regulares e monitoramento ativo de novas divulgações.

CVE-2024-47268MEDIUMMissing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remoteEPSS 0.3%CVE-2024-47271MEDIUMInsufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575EPSS 0.3%CVE-2024-47267LOWImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology SurEPSS 0.3%CVE-2021-47961HIGHA plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence EPSS 0.3%CVE-2024-5401MEDIUMImproper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-EPSS 0.3%CVE-2021-29088HIGHImproper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) beforeEPSS 0.3%CVE-2022-27619MEDIUMCleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 EPSS 0.3%CVE-2017-9552—A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. EPSS 0.3%CVE-2024-45538CRITICALCross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-728EPSS 0.3%CVE-2024-47263MEDIUMAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in SynEPSS 0.3%CVE-2022-22686MEDIUMCross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated usersEPSS 0.3%CVE-2021-33183HIGHImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in SynoloEPSS 0.3%CVE-2019-11820MEDIUMInformation exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentiaEPSS 0.3%CVE-2024-47273MEDIUMAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology HypEPSS 0.3%CVE-2024-39348HIGHDownload of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1EPSS 0.3%CVE-2025-10466MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access beEPSS 0.3%CVE-2024-13987MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote aEPSS 0.3%CVE-2024-53280MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionalEPSS 0.3%CVE-2024-53284MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in EPSS 0.3%CVE-2024-53282MEDIUMImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality EPSS 0.3%

← previouspage 13 / 15next →