CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0854
https://notcve.org/view.php?id=CVE-2024-0854
24 Jan 2024 — URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. La vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en el componente de acceso a archivos de Synology DiskStation Manager (DSM) anterior a 7.2.1-69057-2 permite a usuarios remotos autenticados realizar ataques de phishing a través de v... • https://www.synology.com/en-global/security/advisory/Synology_SA_24_02 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2729
https://notcve.org/view.php?id=CVE-2023-2729
13 Jun 2023 — Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_07 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-0142
https://notcve.org/view.php?id=CVE-2023-0142
13 Jun 2023 — Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified ... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_05 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27622
https://notcve.org/view.php?id=CVE-2022-27622
25 Oct 2022 — Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en la funcionalidad Package Center en Synology DiskStation Manager (DSM) versiones anteriores a 7.1-42661, permite a usuarios remotos autenticados acceder a recursos de la intranet por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27623
https://notcve.org/view.php?id=CVE-2022-27623
25 Oct 2022 — Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. Una falta de autenticación para la vulnerabilidad de la función crítica en la funcionalidad iSCSI management en Synology DiskStation Manager (DSM) versiones anteriores a 7.1-42661, permite a atacantes remotos leer o escribir archivos arbitrarios por medio de vectores no especificad... • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3576
https://notcve.org/view.php?id=CVE-2022-3576
20 Oct 2022 — A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite ... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27624
https://notcve.org/view.php?id=CVE-2022-27624
20 Oct 2022 — A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27625
https://notcve.org/view.php?id=CVE-2022-27625
20 Oct 2022 — A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límite... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27626
https://notcve.org/view.php?id=CVE-2022-27626
20 Oct 2022 — A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos co... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27621
https://notcve.org/view.php?id=CVE-2022-27621
03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") en el componente webapi de Synology USB Copy versiones anteriores a 2.2.0-1086, permite a usuarios remotos autenticados leer o escribir archivos arbitrarios... • https://www.synology.com/security/advisory/Synology_SA_22_14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •