Dsm
by Synology
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12076 | | Med | 0.32 | 4.9 | 0.01 | | Aug 28, 2017 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. |
| CVE-2026-3483 | | | 0.00 | — | 0.00 | | Mar 10, 2026 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-38648 | | | 0.00 | — | 0.01 | | Jul 12, 2025 | A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. |
| CVE-2024-7572 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. |
| CVE-2024-29213 | | | 0.00 | — | 0.00 | | Oct 18, 2024 | Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. |
| CVE-2024-29821 | | | 0.00 | — | 0.00 | | Oct 18, 2024 | Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. |
| CVE-2023-28129 | | | 0.00 | — | 0.00 | | Aug 10, 2023 | DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. |
| CVE-2010-3684 | | | 0.00 | — | 0.00 | | Sep 29, 2010 | The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. |
| CVE-2010-2453 | | | 0.00 | — | 0.01 | | Sep 29, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP… |