Lucene search
K

19 matches found

EUVD
EUVD
added 2026/04/10 12:31 p.m.5 views

EUVD-2021-34779

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 12:31 p.m.4 views

EUVD-2021-34777

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:22 a.m.2 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 9:22 a.m.12 views

CVE-2021-47961

The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/10 9:22 a.m.31 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/10 9:21 a.m.6 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

Synology SSL VPN Client 安全漏洞

The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from improper storage of...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.11 views

PT-2026-31905

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A flaw exists in Synology SSL VPN Client that allows remote attackers to access files within the installation directory. This is achieved by leveraging a local HTTP server bound ...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31906

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...

9.4CVSS5.9AI score0.00322EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/06 1:45 a.m.8 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

10CVSS8AI score0.16841EPSS
Exploits0References1
OSV
OSV
added 2023/11/07 4:24 a.m.3 views

CVE-2023-5748

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...

5.5CVSS5.8AI score0.00194EPSS
Exploits0References1
Prion
Prion
added 2023/11/07 4:24 a.m.21 views

Buffer overflow

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...

1.7CVSS6.8AI score0.00194EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/01/03 4:15 a.m.39 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

10CVSS9.9AI score0.16841EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 3:11 a.m.20 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

10CVSS10AI score0.16841EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/03 3:11 a.m.5 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

10CVSS8AI score0.16841EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/30 12:0 a.m.5 views

PT-2022-6125

Name of the Vulnerable Software and Affected Versions Synology VPN Plus Server versions prior to 1.4.3-0534 and 1.4.4-0635 Description The issue is related to an out-of-bounds write vulnerability in the Remote Desktop functionality of Synology VPN Plus Server. This vulnerability can be exploited ...

10CVSS10AI score0.16841EPSS
Exploits0References7
CNVD
CNVD
added 2019/04/03 12:0 a.m.4 views

Synology SSL VPN Client Privilege Permission and Access Control Issues Vulnerability

Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from Synology, Taiwan, China. A vulnerability exists in Synology SSL VPN Client with privilege permission and access control issues. An attacker can exploit this vulnerability to conduct a man-in-the-middle...

8.8CVSS6.8AI score0.01384EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 3:29 p.m.2 views

CVE-2018-13283

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the 1 command, 2 hostname, or 3 port parameter...

7.4CVSS5.8AI score0.01384EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/10 12:0 a.m.3 views

Synology SSL VPN Client Man-in-the-Middle Attack Vulnerability

Synology SSL VPN Client is a VPN client software for connecting to internal encrypted networks from Synology. A security vulnerability exists in the HTTP daemon in Synology SSL VPN Client versions prior to 1.2.4-0224, which stems from the program's failure to enforce proper restrictions on the...

8.1CVSS7.8AI score0.00753EPSS
Exploits0References1
Rows per page
Query Builder