CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3576
https://notcve.org/view.php?id=CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos obtener información confidencial por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27624
https://notcve.org/view.php?id=CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27625
https://notcve.org/view.php?id=CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad message processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27626
https://notcve.org/view.php?id=CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos compartidos con una sincronización inapropiada ("Condición de Carrera") en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27621
https://notcve.org/view.php?id=CVE-2022-27621
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") en el componente webapi de Synology USB Copy versiones anteriores a 2.2.0-1086, permite a usuarios remotos autenticados leer o escribir archivos arbitrarios por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •