CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27625
https://notcve.org/view.php?id=CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad message processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27626
https://notcve.org/view.php?id=CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos compartidos con una sincronización inapropiada ("Condición de Carrera") en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22684
https://notcve.org/view.php?id=CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. La neutralización inadecuada de los elementos especiales utilizados en un comando del sistema operativo ("inyección de comandos del sistema operativo") es una vulnerabilidad del componente de gestión de tareas de Synology DiskStation Manager (DSM) anterior a la versión 6.2.4-25553 que permite a los usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33182
https://notcve.org/view.php?id=CVE-2021-33182
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente PDF Viewer en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.4-25553, permite a usuarios autenticados remotos leer archivos limitados por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29088
https://notcve.org/view.php?id=CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente cgi en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.4-25553 permite a usuarios locales ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •