Vulnerabilities in Synology

294 results
Vexday Analysis

With 294 catalogued CVEs, Synology's track record shows an active-exploitation rate below the catalogue-wide average: no vulnerability is currently listed in the CISA KEV, which suggests a relatively contained active-risk surface compared with the universe of monitored vendors. Even so, 30 flaws classified as critical and 6 with a public proof of concept represent concrete attack vectors that demand continuous attention from patch management teams. The most dangerous CVE currently active, CVE-2017-15889, has an EPSS of 0.7245, indicating a high estimated probability of exploitation; its age does not reduce the risk, and environments that have not yet applied the fix should treat it as an immediate priority. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), together with the 25 CVEs disclosed in the last 90 days, reinforces the need for regular remediation cycles and active monitoring of new disclosures.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2018-8915 | MEDIUM | Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to… | 0.8% |
| CVE-2019-11825 | MEDIUM | Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary… | 0.8% |
| CVE-2024-29228 | HIGH | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 all… | 0.8% |
| CVE-2024-29229 | HIGH | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 a… | 0.8% |
| CVE-2017-9555 | | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to in… | 0.8% |
| CVE-2017-9556 | | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated at… | 0.8% |
| CVE-2017-15890 | | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to in… | 0.8% |
| CVE-2022-27612 | HIGH | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4… | 0.8% |
| CVE-2021-34811 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote… | 0.8% |
| CVE-2020-27651 | MEDIUM | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easi… | 0.8% |
| CVE-2023-41740 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SR… | 0.8% |
| CVE-2022-27614 | MEDIUM | Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows rem… | 0.8% |
| CVE-2024-29241 | CRITICAL | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows rem… | 0.8% |
| CVE-2018-8929 | HIGH | Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-022… | 0.8% |
| CVE-2022-27617 | MEDIUM | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before… | 0.8% |
| CVE-2022-27623 | HIGH | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.… | 0.8% |
| CVE-2017-16766 | | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 a… | 0.7% |
| CVE-2023-41739 | MEDIUM | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote aut… | 0.7% |
| CVE-2018-8925 | HIGH | Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows rem… | 0.7% |
| CVE-2023-47803 | MEDIUM | A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings f… | 0.7% |