| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of DSM
Synology Photo Station: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Synology Photo Station.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: intranet client.
Creation date: 10/01/2018.
Identifiers: CVE-2017-16771, Synology-SA-18:02, VIGILANCE-VUL-24999.
Description of the vulnerability
An attacker can use several vulnerabilities of Synology Photo Station.
Full Vigil@nce bulletin... (Free trial) |
Intel Processors: memory reading via Meltdown
Synthesis of the vulnerability
When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/01/2018.
Revision date: 05/01/2018.
Identifiers: 2016636, 519675, ADV180002, CERTFR-2018-ALE-001, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-014, CERTFR-2018-AVI-017, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-077, CERTFR-2018-AVI-079, CERTFR-2018-AVI-114, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-208, CERTFR-2018-AVI-225, cisco-sa-20180104-cpusidechannel, cpuapr2019, CTX231390, CTX231399, CTX234679, CVE-2017-5754, DLA-1232-1, DLA-1349-1, DSA-2018-049, DSA-4078-1, DSA-4082-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, FG-IR-18-002, FreeBSD-SA-18:03.speculative_execution, HT208331, HT208334, HT208394, HT208465, JSA10842, JSA10873, K91229003, MBGSA-1801, Meltdown, N1022433, nas8N1022433, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:1623-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0464-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, SA161, SB10226, spectre_meltdown_advisory, SSA-168644, SSA:2018-016-01, SSA:2018-037-01, STORM-2018-001, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:2528-1, Synology-SA-18:01, USN-3516-1, USN-3522-1, USN-3522-2, USN-3522-3, USN-3522-4, USN-3523-1, USN-3523-2, USN-3523-3, USN-3524-1, USN-3524-2, USN-3525-1, USN-3540-1, USN-3540-2, USN-3541-1, USN-3541-2, USN-3583-1, USN-3583-2, USN-3597-1, USN-3597-2, VIGILANCE-VUL-24933, VMSA-2018-0007, VN-2018-001, VN-2018-002, VU#584653, XSA-254.
Description of the vulnerability
When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Synology MailPlus Server: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Synology MailPlus Server, in order to run JavaScript code in the context of the web site.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: CVE-2017-16768, Synology-SA-17:81, VIGILANCE-VUL-24900.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of Synology MailPlus Server, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Synology Photo Station: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Synology Photo Station, in order to run JavaScript code in the context of the web site.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/12/2017.
Identifiers: CVE-2017-12072, Synology-SA-17:80, VIGILANCE-VUL-24849.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of Synology Photo Station, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Synology SRM: code execution
Synthesis of the vulnerability
An attacker can use a vulnerability of Synology SRM, in order to run code.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 19/12/2017.
Identifiers: CVE-2017-12078, Synology-SA-17:79, VIGILANCE-VUL-24823.
Description of the vulnerability
An attacker can use a vulnerability of Synology SRM, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Synology Chat: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Synology Chat, in order to run JavaScript code in the context of the web site.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/12/2017.
Identifiers: CVE-2017-15886, CVE-2017-15892, Synology-SA-17:78, VIGILANCE-VUL-24799.
Description of the vulnerability
The Synology Chat product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Synology Chat, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: memory corruption via raw_sendmsg
Synthesis of the vulnerability
An attacker can generate a memory corruption via raw_sendmsg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/12/2017.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-094, CERTFR-2018-AVI-124, CERTFR-2018-AVI-196, CVE-2017-17712, DSA-4073-1, FEDORA-2017-7810b7c59f, FEDORA-2017-f7cb245861, FEDORA-2018-884a105c04, LSN-0035-1, openSUSE-SU-2018:0408-1, RHSA-2018:0502-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0986-1, Synology-SA-18:14, USN-3581-1, USN-3581-2, USN-3581-3, USN-3582-1, USN-3582-2, VIGILANCE-VUL-24787.
Description of the vulnerability
An attacker can generate a memory corruption via raw_sendmsg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via snd_pcm_control_ioctl
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via snd_pcm_control_ioctl() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Junos Space, Linux, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/12/2017.
Identifiers: CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-198, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-232, CERTFR-2018-AVI-241, CERTFR-2018-AVI-386, cpuapr2019, CVE-2017-0861, DLA-1369-1, DSA-4187-1, JSA10917, RHSA-2018:2390-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, SUSE-SU-2018:1309-1, Synology-SA-18:51, USN-3583-1, USN-3583-2, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3632-1, VIGILANCE-VUL-24772.
Description of the vulnerability
An attacker can force the usage of a freed memory area via snd_pcm_control_ioctl() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Synology Surveillance Station: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Synology Surveillance Station.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 12/12/2017.
Identifiers: Synology-SA-17:77, VIGILANCE-VUL-24741.
Description of the vulnerability
An attacker can use several vulnerabilities of Synology Surveillance Station.
Full Vigil@nce bulletin... (Free trial) |
Synology Router Manager: directory traversal
Synthesis of the vulnerability
An attacker can traverse directories of Synology Router Manager, in order to create a file outside the service root path.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 11/12/2017.
Identifiers: CVE-2017-15895, Synology-SA-17:71, VIGILANCE-VUL-24725.
Description of the vulnerability
An attacker can traverse directories of Synology Router Manager, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about DSM:
|