CVE-2022-43749
https://notcve.org/view.php?id=CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. Una vulnerabilidad de administración de privilegios inapropiada en la administración de informes de resumen en Synology Presto File Server versiones anteriores a 2.1.2-1601, permite a usuarios remotos autenticados omitir la restricción de seguridad por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_19 • CWE-269: Improper Privilege Management •
CVE-2022-27622
https://notcve.org/view.php?id=CVE-2022-27622
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en la funcionalidad Package Center en Synology DiskStation Manager (DSM) versiones anteriores a 7.1-42661, permite a usuarios remotos autenticados acceder a recursos de la intranet por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-27623
https://notcve.org/view.php?id=CVE-2022-27623
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. Una falta de autenticación para la vulnerabilidad de la función crítica en la funcionalidad iSCSI management en Synology DiskStation Manager (DSM) versiones anteriores a 7.1-42661, permite a atacantes remotos leer o escribir archivos arbitrarios por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_18 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-3576
https://notcve.org/view.php?id=CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos obtener información confidencial por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-125: Out-of-bounds Read •
CVE-2022-27624
https://notcve.org/view.php?id=CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •