CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29088
https://notcve.org/view.php?id=CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente cgi en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.4-25553 permite a usuarios locales ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29083
https://notcve.org/view.php?id=CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. Una neutralización inapropiada de elementos especiales usados en un comando del Sistema Operativo en SYNO.Core.Network.PPPoE en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a usuarios autenticados remotos ejecutar código arbitrario por medio del parámetro realname. • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-27646 – Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27646
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Uso de la Memoria Previamente Liberada en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iscsi_snapshot_comm_core service. The issue results from the lack of proper locking when performing operations on an object, which can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the current process. • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.zerodayinitiative.com/advisories/ZDI-21-339 https://www.zerodayinitiative.com/advisories/ZDI-21-340 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26569 – Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26569
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una Condición de Carrera dentro de una vulnerabilidad de Subproceso en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iscsi_snapshot_comm_core service. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the current process. • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.zerodayinitiative.com/advisories/ZDI-21-338 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27647 – Synology DiskStation Manager StartEngCommPipeServer HandleSendMsg Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27647
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Lectura Fuera de Límites en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the HandleSendMsg parameter sent to StartEngCommPipeServer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.zerodayinitiative.com/advisories/ZDI-21-339 • CWE-125: Out-of-bounds Read •