Synology Vulnerabilities

294 results
Vexday Analysis

With 294 catalogued CVEs, Synology's history shows an active-exploitation rate below the overall catalogue average (no vulnerability is currently listed in the CISA KEV), which suggests a relatively contained active-risk surface compared with the universe of monitored vendors. Even so, 30 flaws classified as critical and 6 with a public proof of concept represent concrete attack vectors that require continuous attention from patch management teams. The most dangerous active CVE, CVE-2017-15889, has an EPSS of 0.7245, indicating a high estimated probability of exploitation; its age does not reduce the risk, and environments that have not yet applied the fix should treat it as an immediate priority. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), together with the 25 CVEs that appeared in the last 90 days, reinforces the need for regular remediation cycles and active monitoring of new disclosures.

CVE-2021-26563 (HIGH, EPSS 0.5%): Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to e
CVE-2022-22682 (MEDIUM, EPSS 0.5%): Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar
CVE-2025-14713 (HIGH, EPSS 0.5%): An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote at
CVE-2025-1021 (HIGH, EPSS 0.5%): Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3
CVE-2017-11159 (EPSS 0.4%): Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local atta
CVE-2024-47266 (LOW, EPSS 0.4%): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Ac
CVE-2024-5463 (MEDIUM, EPSS 0.4%): A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component.
CVE-2017-11158 (EPSS 0.4%): Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local att
CVE-2025-29844 (MEDIUM, EPSS 0.4%): A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29845 (MEDIUM, EPSS 0.4%): A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2024-45539 (HIGH, EPSS 0.4%): Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology
CVE-2023-52944 (MEDIUM, EPSS 0.4%): Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allo
CVE-2025-2848 (MEDIUM, EPSS 0.4%): A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non
CVE-2023-52943 (MEDIUM, EPSS 0.4%): Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 a
CVE-2024-0854 (MEDIUM, EPSS 0.4%): URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.
CVE-2025-54159 (HIGH, EPSS 0.4%): Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitr
CVE-2025-30028 (HIGH, EPSS 0.4%): A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVE-2024-47265 (MEDIUM, EPSS 0.4%): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Syno
CVE-2024-10445 (MEDIUM, EPSS 0.4%): Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology Disk
CVE-2025-29843 (MEDIUM, EPSS 0.3%): A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.