CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26561
https://notcve.org/view.php?id=CVE-2021-26561
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_site • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26560
https://notcve.org/view.php?id=CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad transmisión de información confidencial en texto sin cifrar en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8917
https://notcve.org/view.php?id=CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Vulnerabilidad Cross-Site Scripting (XSS) en info.cgi en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.1.6-15266 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro host. • https://www.synology.com/security/advisory/Synology_SA_18_14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8919
https://notcve.org/view.php?id=CVE-2018-8919
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. Vulnerabilidad de exposición de información en SYNO.Core.Desktop.SessionData en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.1.6-15266 permite que atacantes remotos roben credenciales mediante vectores sin especificar. • https://www.synology.com/security/advisory/Synology_SA_18_14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8920
https://notcve.org/view.php?id=CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. Neutralización incorrecta de la vulnerabilidad de escapado en Log Exporter en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.1.6-15266 permite que atacantes remotos inyecten contenido arbitrario para que cause un impacto sin especificar al exportar un archivo en formato CSV. • https://www.synology.com/security/advisory/Synology_SA_18_14 • CWE-116: Improper Encoding or Escaping of Output •