NotCVE - vendor:"Synology" product:"Diskstation Manager" version:" >= 6.2

Page 2 of 73 results (0.021 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-27620

https://notcve.org/view.php?id=CVE-2022-27620

03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") es una vulnerabilidad en el componente webapi de Synology SSO Server versiones anteriores a 2.2.3-0331, que permite a usuarios remotos autenticados leer archivos arbitrarios por med... • https://www.synology.com/security/advisory/Synology_SA_22_13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-27618

https://notcve.org/view.php?id=CVE-2022-27618

03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") es una vulnerabilidad del componente webapi en Synology Storage Analyzer versiones anteriores a 2.1.0-0390, que permite a usuarios remotos autenticados eliminar archivos arb... • https://www.synology.com/security/advisory/Synology_SA_22_11 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-27617

https://notcve.org/view.php?id=CVE-2022-27617

03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") es una vulnerabilidad del componente webapi en Synology Calendar versiones anteriores a 2.3.4-0631, que permite a usuarios remotos autenticados descargar archivos arbitrarios por ... • https://www.synology.com/security/advisory/Synology_SA_20_07 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-27616

https://notcve.org/view.php?id=CVE-2022-27616

03 Aug 2022 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo ("Inyección de Comandos del Sistema Operativo") en el componente webapi en Synology DiskStation Manager (DSM) versiones... • https://www.synology.com/security/advisory/Synology_SA_22_03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-22683

https://notcve.org/view.php?id=CVE-2022-22683

28 Jul 2022 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de la copia del búfer sin comprobar el tamaño de la entrada ("Desbordamiento de Búfer Clásico") en el componente cgi en Synology Media Server versiones anteriores a 1.8.1-2876, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-27614

https://notcve.org/view.php?id=CVE-2022-27614

28 Jul 2022 — Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en el servidor web de Synology Media Server versiones anteriores a 1.8.1-2876, que permite a atacantes remotos obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-22684

https://notcve.org/view.php?id=CVE-2022-22684

28 Jul 2022 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. La neutralización inadecuada de los elementos especiales utilizados en un comando del sistema operativo ("inyección de comandos del sistema operativo") es una vulnerabilidad del componente de gestión de tareas de Synology DiskStatio... • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27610

https://notcve.org/view.php?id=CVE-2022-27610

27 Jul 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Salro de Ruta") en el componente webapi en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25423, permite a usuarios remotos autenticados elimina... • https://www.synology.com/security/advisory/Synology_SA_20_06 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-22687

https://notcve.org/view.php?id=CVE-2022-22687

25 Mar 2022 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de copia del búfer sin comprobar el tamaño de la entrada ("Desbordamiento del Búfer Clásico") en la funcionalidad Authentication en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar ... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-22688

https://notcve.org/view.php?id=CVE-2022-22688

25 Mar 2022 — Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando ("Inyección de Comandos") en la funcionalidad File service en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.4-25556-2, per... • https://www.synology.com/security/advisory/Synology_SA_21_22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

1 2 3 4 5