VYPR

Dsm

by Synology

CVEs (9)

  • CVE-2017-12076 | Med | Aug 28, 2017
    risk 0.32 | cvss 4.9 | epss 0.01

    Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service.

  • CVE-2026-3483 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-38648 | Jul 12, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.

  • CVE-2024-7572 | Dec 10, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-29213 | Oct 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.

  • CVE-2024-29821 | Oct 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.

  • CVE-2023-28129 | Aug 10, 2023
    risk 0.00 | cvss n/a | epss 0.00

    DSM 2022.2 SU2 and all prior versions allow a local low-privileged account to execute arbitrary OS commands as the DSM software installation user.

  • CVE-2010-3684 | Sep 29, 2010
    risk 0.00 | cvss n/a | epss 0.00

    The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

  • CVE-2010-2453 | Sep 29, 2010
    risk 0.00 | cvss n/a | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP…