CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22679
https://notcve.org/view.php?id=CVE-2022-22679
07 Feb 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en la administración del servicio de soporte en Synology DiskStation Manager (DSM) versiones anteriores a 7.0.1-42218-2, permite a us... • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43929
https://notcve.org/view.php?id=CVE-2021-43929
07 Feb 2022 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de elementos especiales en la salida usada por un componente descendente ("Injection") en la administración del flujo de trabajo en Synology DiskStation Manager (DSM) ve... • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43927
https://notcve.org/view.php?id=CVE-2021-43927
07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando SQL ("Inyección SQL") en la funcionalidad Security Management de Synology DiskStation Manager (DSM) versiones anteriores a 7.0.1-42218-2, que permi... • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43926
https://notcve.org/view.php?id=CVE-2021-43926
07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando SQL ("SQL Injection") en la funcionalidad Log Management en Synology DiskStation Manager (DSM) versiones anteriores a 7.0.1-42218-2, que permite a ataca... • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43925
https://notcve.org/view.php?id=CVE-2021-43925
07 Feb 2022 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando SQL ("SQL Injection") en la funcionalidad Log Management en Synology DiskStation Manager (DSM) versiones anteriores a 7.0.1-42218-2, permite a atacantes... • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22680
https://notcve.org/view.php?id=CVE-2022-22680
07 Feb 2022 — Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en el servidor web de Synology DiskStation Manager (DSM) versiones anteriores a 7.0.1-42218-2, que permite a atacantes remotos obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.9EPSS: 18%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29085
https://notcve.org/view.php?id=CVE-2021-29085
23 Jun 2021 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de elementos especiales en la salida usada por un componente aguas abajo ("Injection") en el componente file sharing management en Synology DiskStation Manager (DSM) versiones anter... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29087
https://notcve.org/view.php?id=CVE-2021-29087
23 Jun 2021 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("'Path Traversal") en el componente webapi de Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, que permite a atacantes remotos escribir archivos ar... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27649
https://notcve.org/view.php?id=CVE-2021-27649
23 Jun 2021 — Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de uso de memoria previamente liberada en el componente file transfer protocol en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-416: Use After Free •