
CVE-2022-43931
https://notcve.org/view.php?id=CVE-2022-43931
03 Jan 2023 — Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_26 •

CVE-2022-22683
https://notcve.org/view.php?id=CVE-2022-22683
28 Jul 2022 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-27614
https://notcve.org/view.php?id=CVE-2022-27614
28 Jul 2022 — Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2020-27658
https://notcve.org/view.php?id=CVE-2020-27658
29 Oct 2020 — Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-732: Incorrect Permission Assignment for Critical Resource • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVE-2020-27657
https://notcve.org/view.php?id=CVE-2020-27657
29 Oct 2020 — Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2020-27655
https://notcve.org/view.php?id=CVE-2020-27655
29 Oct 2020 — Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-269: Improper Privilege Management •

CVE-2020-27654
https://notcve.org/view.php?id=CVE-2020-27654
29 Oct 2020 — Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-269: Improper Privilege Management •

CVE-2020-27653
https://notcve.org/view.php?id=CVE-2020-27653
29 Oct 2020 — Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2020-27651
https://notcve.org/view.php?id=CVE-2020-27651
29 Oct 2020 — Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-311: Missing Encryption of Sensitive Data • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVE-2020-27649
https://notcve.org/view.php?id=CVE-2020-27649
29 Oct 2020 — Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-295: Improper Certificate Validation •