Page 7 of 35 results (0.012 seconds)

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. Una vulnerabilidad de consumo de recursos sin control en SYNO.Core.PortForwarding.Rules en Synology DiskStation (DSM) para versiones anteriores a la 6.1.1-15088 permite a un atacante autenticado remoto agotar los recursos de memoria de la máquina, provocando una denegación de servicio. • https://www.synology.com/en-global/support/security/Synology_SA_17_48_DSM • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 3

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. Una vulnerabilidad de exposición de información en el archivo forget_passwd.cgi en Synology DiskStation Manager (DSM) anterior a la versión 6.1.3-15152, permite a los atacantes remotos enumerar nombres de usuario válidos por medio de vectores no especificados. Synology DiskStation Manager (DMS) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability. • https://www.exploit-db.com/exploits/43455 https://github.com/rfcl/Synology-DiskStation-User-Enumeration-CVE-2017-9554- https://github.com/Ez0-yf/CVE-2017-9554-Exploit-Tool https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. Un fallo de diseño en el archivo SYNO.API.Encryption en Synology DiskStation Manager (DSM) anterior a versión 6.1.3-15152 permite a los atacantes remotos omitir el mecanismo de protección de encriptación mediante el parámetro de versión creado. • https://www.2-sec.com/2017/06/2-secs-expert-team-uncovers-new-vulnerability-popular-synology-nas-device https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. Vulnerabilidad de XSS en Synology DiskStation Manager (DSM) anterior a 5.2-5565 Update 1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro 'compound' en entry.cgi. • http://seclists.org/fulldisclosure/2015/May/109 http://www.securityfocus.com/bid/74811 https://www.securify.nl/advisory/SFY20150503/reflected_cross_site_scripting_in_synology_diskstation_manager.html https://www.synology.com/en-global/releaseNote/DS214play • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 1

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. webman/imageSelector.cgi en Synology DiskStation Manager (DSM) 4.0 anteriores a 4.0-2259, 4.2 anteriores a 4.2-3243, y 4.3 anteriores 4.3-3810 Update permite a atacantes remotos añadir información a archivos de forma arbitraria, y consecuentemente ejecutar código de forma arbitraria, a través de una ruta en el header HTTP SLICEUPLOAD X-TMP-FILE. • https://www.exploit-db.com/exploits/30470 http://www.kb.cert.org/vuls/id/615910 • CWE-264: Permissions, Privileges, and Access Controls •