CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11823
https://notcve.org/view.php?id=CVE-2019-11823
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. Una vulnerabilidad de inyección de CRLF en Network Center en Synology Router Manager (SRM) versiones anteriores a la versión 1.2.3-8017-2, permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites y bloqueo de aplicación) por medio de un tráfico de red diseñado. • https://www.synology.com/security/advisory/Synology_SA_20_11 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side channel) como resultado de diferencias de tiempo observables y patrones de acceso a la caché. Un atacante puede conseguir información filtrada de un ataque de canal lateral (side channel) que pueda ser usado para la recuperación completa de la contraseña. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https:&# • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/p • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13292
https://notcve.org/view.php?id=CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. Una vulnerabilidad de exposición de información en /usr/syno/etc/mount.conf en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-2, permite a los usuarios remotos autenticados obtener información sensible mediante la configuración de lectura global. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13290
https://notcve.org/view.php?id=CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. Una vulnerabilidad de exposición de información en SYNO.Core.ACL en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-2, permite a los usuarios remotos autenticados determinar la existencia de archivos o obtener información sensible de archivos mediante el parámetro "file_path". • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •