
CVE-2023-5748
https://notcve.org/view.php?id=CVE-2023-5748
24 Oct 2023 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_12 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-46783
https://notcve.org/view.php?id=CVE-2022-46783
28 Aug 2023 — An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. • https://advisories.stormshield.eu • CWE-326: Inadequate Encryption Strength •

CVE-2021-27932
https://notcve.org/view.php?id=CVE-2021-27932
25 Aug 2023 — Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. • https://advisories.stormshield.eu •

CVE-2022-46782
https://notcve.org/view.php?id=CVE-2022-46782
05 Aug 2023 — An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. • https://advisories.stormshield.eu/2022-028 •

CVE-2018-13283
https://notcve.org/view.php?id=CVE-2018-13283
01 Apr 2019 — Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. • https://www.synology.com/security/advisory/Synology_SA_18_30 • CWE-671: Lack of Administrator Control over Security •

CVE-2018-8929
https://notcve.org/view.php?id=CVE-2018-8929
06 Jul 2018 — Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. • https://www.synology.com/en-global/support/security/Synology_SA_18_19 • CWE-319: Cleartext Transmission of Sensitive Information • CWE-417: Communication Channel Errors •