Page 3 of 31 results (0.007 seconds)

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_26 •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de la copia del búfer sin comprobar el tamaño de la entrada ("Desbordamiento de Búfer Clásico") en el componente cgi en Synology Media Server versiones anteriores a 1.8.1-2876, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en el servidor web de Synology Media Server versiones anteriores a 1.8.1-2876, que permite a atacantes remotos obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_24 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, no incluye una flag HTTPOnly en un encabezado Set-Cookie para la cookie de sesión, lo que hace más fácil para atacantes remotos obtener información potencialmente confidencial por medio de un acceso de script a esta cookie • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en DDNS en Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, permite a atacantes de tipo man-in-the-middle rastrear información de autenticación de DNSExit por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071 • CWE-319: Cleartext Transmission of Sensitive Information •