The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of DSM

Linux kernel: integer overflow via create_elf_tables
An attacker can generate an integer overflow via create_elf_tables() of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
CERTFR-2018-AVI-457, CERTFR-2018-AVI-459, CERTFR-2018-AVI-460, CERTFR-2018-AVI-462, CERTFR-2018-AVI-478, CERTFR-2018-AVI-480, CERTFR-2018-AVI-567, CERTFR-2019-AVI-188, CERTFR-2019-AVI-242, CVE-2018-14634, DLA-1529-1, JSA10917, K20934447, PAN-SA-2019-0006, RHSA-2018:2748-01, RHSA-2018:2763-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, RHSA-2018:3591-01, RHSA-2018:3643-01, SUSE-SU-2018:2879-1, SUSE-SU-2018:2907-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3088-1, USN-3775-1, USN-3775-2, USN-3779-1, VIGILANCE-VUL-27320
Linux kernel: information disclosure via vmacache_flush_all
A local attacker can read a memory fragment via vmacache_flush_all() of the Linux kernel, in order to obtain sensitive information...
CERTFR-2018-AVI-462, CERTFR-2018-AVI-472, CERTFR-2018-AVI-480, CERTFR-2018-AVI-490, CERTFR-2018-AVI-508, CERTFR-2018-AVI-538, CERTFR-2019-AVI-019, CVE-2018-17182, DLA-1529-1, DLA-1531-1, DSA-4308-1, FEDORA-2018-d77cc41f35, FEDORA-2018-e820fccd83, openSUSE-SU-2018:3071-1, openSUSE-SU-2018:3202-1, RHSA-2018:3656-01, SSA:2018-264-01, SSB-439005, SUSE-SU-2018:3032-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2018:3100-1, SUSE-SU-2018:3159-1, SUSE-SU-2018:3659-1, SUSE-SU-2019:0095-1, USN-3776-1, USN-3776-2, USN-3777-1, USN-3777-2, USN-3777-3, VIGILANCE-VUL-27257
Synology DSM: Man-in-the-Middle via Web Proxy Auto-Discovery
An attacker can act as a Man-in-the-Middle via Web Proxy Auto-Discovery on Synology DSM, in order to read or write data in the session...
Synology-SA-18:53, VIGILANCE-VUL-27173, VU#598349
Synology DSM Android Moments: code execution
An attacker can use a vulnerability of Synology DSM Android Moments, in order to run code...
CVE-2018-13298, Synology-SA-18:52, VIGILANCE-VUL-27148
Linux kernel: privilege escalation via KVM sgdt/sidt/fxsave/fxrstor
An attacker, inside a guest system, can bypass restrictions via KVM sgdt/sidt/fxsave/fxrstor of the Linux kernel, in order to escalate his privileges on the host system...
1103505, CERTFR-2018-AVI-460, CERTFR-2018-AVI-462, CERTFR-2018-AVI-480, CERTFR-2018-AVI-508, CERTFR-2019-AVI-188, CERTFR-2020-AVI-007, CERTFR-2020-AVI-030, CERTFR-2020-AVI-051, CVE-2018-10853, openSUSE-SU-2019:1407-1, RHSA-2019:2029-01, RHSA-2019:2043-01, RHSA-2020:0036-01, RHSA-2020:0103-01, RHSA-2020:0179-01, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2019:1245-1, USN-3777-1, USN-3777-2, USN-3777-3, VIGILANCE-VUL-27130
Synology DSM: multiple vulnerabilities
An attacker can use several vulnerabilities of Synology DSM...
CVE-2018-13291, CVE-2018-13293, Synology-SA-18:51, VIGILANCE-VUL-27103
Synology DSM Drive: information disclosure
An attacker can bypass access restrictions to data of Synology DSM Drive, in order to obtain sensitive information...
CVE-2018-13297, Synology-SA-18:50, VIGILANCE-VUL-27086
Linux kernel: privilege escalation via Generic SCSI Driver
An attacker can bypass restrictions via Generic SCSI Driver of the Linux kernel, in order to escalate his privileges...
CERTFR-2018-AVI-408, CERTFR-2018-AVI-557, CVE-2017-13168, USN-3753-1, USN-3753-2, USN-3820-1, USN-3820-2, USN-3820-3, USN-3822-1, USN-3822-2, VIGILANCE-VUL-27071
Ghostscript: code execution via dSAFER
An attacker can use a vulnerability via dSAFER of Ghostscript, in order to run code...
openSUSE-SU-2018:2516-1, openSUSE-SU-2018:2516-2, openSUSE-SU-2018:2600-1, openSUSE-SU-2018:3094-1, SSA:2018-249-02, SUSE-SU-2018:2553-1, SUSE-SU-2018:2560-1, SUSE-SU-2018:2562-1, SUSE-SU-2018:3072-1, Synology-SA-18:49, VIGILANCE-VUL-27065, VU#332928
IPsec IKEv1 Main Mode: information disclosure via Brute Force
An attacker can bypass access restrictions to data via Brute Force of IKEv1 Main Mode, in order to obtain sensitive information...
CVE-2018-5389, FG-IR-18-214, K42378447, Synology-SA-18:46, VIGILANCE-VUL-27022, VU#857035