CVE-2022-27611
https://notcve.org/view.php?id=CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
• https://www.synology.com/security/advisory/Synology_SA_21_21
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-27612
https://notcve.org/view.php?id=CVE-2022-27612
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
• https://www.synology.com/security/advisory/Synology_SA_21_21
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-15888
https://notcve.org/view.php?id=CVE-2017-15888
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
• https://www.synology.com/en-global/support/security/Synology_SA_17_61_Audio_Station
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-9104
https://notcve.org/view.php?id=CVE-2015-9104
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allow remote authenticated attackers to inject arbitrary web script or HTML via the album title.
• http://www.fortiguard.com/zeroday/FG-VD-15-106
• https://www.synology.com/en-global/support/security/Audio_Station_5_4_2857
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')