Page 5 of 47 results (0.010 seconds)

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_site • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad transmisión de información confidencial en texto sin cifrar en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 https://bugzilla.samba.org/show_bug.cgi?id=13834 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA https://support.f5.com/csp/article/K20804356 https://www.samba.org/samba/security/CVE-2019-3870.html https://www.synology.com/security/advisory/Synology_SA_19 • CWE-276: Incorrect Default Permissions •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en los ajustes SSO del panel de control en Synology DiskStation Manager (DSM), en versiones 6.2.1-23824, permite a los usuarios remotos autenticados inyectar scripts web arbitrarios o HTML mediante el parámetro URL. • https://www.synology.com/security/advisory/Synology_SA_18_51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. Una vulnerabilidad de exposición de información en /usr/syno/etc/mount.conf en Synology DiskStation Manager (DSM), en versiones anteriores a la 6.2.1-23824, permite a los usuarios remotos autenticados obtener información sensible mediante la configuración de lectura global. • https://www.synology.com/security/advisory/Synology_SA_18_51 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •