CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2019 — Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world-readable configuration. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2019 — Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2019 — Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2019 — Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world-readable configuration. • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-276: Incorrect Default Permissions

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2019 — Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2018 — Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. • https://www.synology.com/security/advisory/Synology_SA_18_25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 89% • CPEs: 9 • EXPL: 8

20 Dec 2018 — Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. • https://packetstorm.news/files/id/150891 • CWE-787: Out-of-bounds Write

CVSS: 7.2 • EPSS: 7% • CPEs: 1 • EXPL: 0

08 Jun 2018 — Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.56-6931 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. • https://www.synology.com/en-global/support/security/Synology_SA_17_79 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 5.3 • EPSS: 1% • CPEs: 31 • EXPL: 0

01 Mar 2018 — ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html

CVSS: 7.5 • EPSS: 6% • CPEs: 23 • EXPL: 0

01 Mar 2018 — ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html