
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jul 2022 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jul 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_06 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 7% • CPEs: 2 • EXPL: 0

25 Mar 2022 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Mar 2022 — Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_21_22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2022 — Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor