The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Synology DSM

Linux kernel: denial of service via nfsxdr.c
An attacker can generate a fatal error via nfsxdr.c on the Linux kernel, in order to trigger a denial of service...
CERTFR-2017-AVI-169, CERTFR-2017-AVI-233, CERTFR-2017-AVI-245, CERTFR-2017-AVI-262, CERTFR-2017-AVI-267, CVE-2017-7895, DLA-993-1, DLA-993-2, DSA-3886-1, DSA-3886-2, FEDORA-2017-ad045f80ac, FEDORA-2017-b9b1ac0d15, JSA11023, RHSA-2017:1615-01, RHSA-2017:1616-01, RHSA-2017:1715-01, RHSA-2017:1723-01, RHSA-2017:1766-01, RHSA-2017:1798-01, RHSA-2017:2412-01, RHSA-2017:2428-01, RHSA-2017:2429-01, RHSA-2017:2472-01, USN-3312-1, USN-3312-2, USN-3314-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3361-1, VIGILANCE-VUL-22615
Linux kernel: denial of service via NFS RPC Reply
An attacker can generate a fatal error via NFS RPC Reply on the Linux kernel, in order to trigger a denial of service...
CERTFR-2017-AVI-162, CERTFR-2017-AVI-169, CERTFR-2018-AVI-228, CERTFR-2018-AVI-408, CVE-2017-7645, DLA-993-1, DLA-993-2, DSA-3886-1, DSA-3886-2, FEDORA-2017-0aa0f69e0c, FEDORA-2017-7462231059, openSUSE-SU-2017:1513-1, RHSA-2017:1615-01, RHSA-2017:1616-01, RHSA-2018:1319-01, SA148, SUSE-SU-2017:1360-1, USN-3312-1, USN-3312-2, USN-3314-1, USN-3361-1, USN-3754-1, VIGILANCE-VUL-22580
MediaWiki: multiple vulnerabilities
An attacker can exploit several vulnerabilities in MediaWiki...
CVE-2017-0361, CVE-2017-0362, CVE-2017-0363, CVE-2017-0364, CVE-2017-0365, CVE-2017-0366, CVE-2017-0367, CVE-2017-0368, CVE-2017-0369, CVE-2017-0370, CVE-2017-0372, FEDORA-2017-2643ef1cad, FEDORA-2017-3fb95ed01f, VIGILANCE-VUL-22469
Linux kernel: memory corruption via UDP MSG_PEEK
An attacker can generate a memory corruption via UDP on applications using the MSG_PEEK option on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
CERTFR-2016-AVI-004, CERTFR-2016-AVI-073, CERTFR-2017-AVI-390, CERTFR-2019-AVI-358, CVE-2016-10229, DSA-3434-1, FG-IR-17-118, PAN-SA-2017-0018, SA148, SUSE-SU-2016:0168-1, SUSE-SU-2016:0585-1, SUSE-SU-2017:2920-1, VIGILANCE-VUL-22314
NTP.org: multiple vulnerabilities
An attacker can exploit several vulnerabilities in NTP.org...
APPLE-SA-2017-09-25-1, bulletinapr2017, CERTFR-2021-AVI-442, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, DSA-2020-030, FEDORA-2017-5ebac1c112, FEDORA-2017-72323a442f, FreeBSD-SA-17:03.ntp, HT208144, K02951273, K07082049, K32262483, K-511308, K99254031, NTP-01-002, NTP-01-003, NTP-01-004, NTP-01-007, NTP-01-008, NTP-01-009, NTP-01-012, NTP-01-014, NTP-01-016, PAN-SA-2017-0022, RHSA-2017:3071-01, RHSA-2018:0855-01, SA147, SB10201, SSA:2017-112-02, SSA-211752, TALOS-2016-0260, USN-3349-1, VIGILANCE-VUL-22217, VU#633847
Linux kernel: memory corruption via xfrm_replay_verify_len
An attacker can generate a memory corruption via xfrm_replay_verify_len() on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
CERTFR-2017-AVI-094, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CERTFR-2017-AVI-375, CERTFR-2019-AVI-621, CVE-2017-7184, DLA-922-1, FEDORA-2017-02174df32f, FEDORA-2017-93dec9eba5, openSUSE-SU-2017:0906-1, openSUSE-SU-2017:0907-1, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, RHSA-2019:4159-01, SUSE-SU-2017:0864-1, SUSE-SU-2017:0865-1, SUSE-SU-2017:0866-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3248-1, USN-3249-1, USN-3249-2, USN-3250-1, USN-3250-2, USN-3251-1, USN-3251-2, VIGILANCE-VUL-22289, ZDI-17-240
Synology Photo Station: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Synology Photo Station, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-22249
Samba: read-write access via SMB Symlink Race
An attacker can bypass access restrictions via an SMB Symlink Race in Samba, in order to read or alter data...
1039, bulletinapr2017, CERTFR-2017-AVI-091, CVE-2017-2619, DLA-894-1, DSA-3816-1, DSA-3816-2, FEDORA-2017-97fb93e1d1, FEDORA-2017-c22a1dbe8b, JSA10917, openSUSE-SU-2017:0935-1, openSUSE-SU-2017:0944-1, RHSA-2017:1265-01, RHSA-2017:2789-01, SSA:2017-082-02, SSA:2017-091-01, SUSE-SU-2017:0841-1, SUSE-SU-2017:0858-1, SUSE-SU-2017:0859-1, SUSE-SU-2017:0862-1, SUSE-SU-2017:1216-1, USN-3242-1, USN-3242-2, USN-3267-1, VIGILANCE-VUL-22234
Synology: code execution via PHP objects for Moodle
An attacker can send packed objects to the user preferences module of Moodle in Synology devices, in order to run code...
CVE-2017-2641, VIGILANCE-VUL-22233
wget: information disclosure via Header Injection
An attacker can bypass access restrictions to data via a Header Injection in wget, in order to obtain sensitive information...
CVE-2017-6508, DLA-851-1, FEDORA-2017-22f1a8404e, FEDORA-2017-38c3781b89, FEDORA-2017-ed1c665a3f, openSUSE-SU-2017:0890-1, USN-3464-1, USN-3464-2, VIGILANCE-VUL-22055