CVSS: 7.2EPSS: 7%CPEs: 1EXPL: 0CVE-2017-12075
https://notcve.org/view.php?id=CVE-2017-12075
08 Jun 2018 — Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. Vulnerabilidad de inyección de comandos en EZ-Internet en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739 permite que usuarios remotos autenticados ejecuten comandos arbitrarios mediante el parámetro username. • https://www.synology.com/en-global/support/security/Synology_SA_18_24 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8916
https://notcve.org/view.php?id=CVE-2018-8916
08 Jun 2018 — Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. Vulnerabilidad de cambio de contraseña sin verificar en Change Password en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739 permite que usuarios autenticados remotos restablezcan contraseñas sin verificación. • https://www.synology.com/en-global/support/security/Synology_SA_18_24 • CWE-620: Unverified Password Change CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •