CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0854
https://notcve.org/view.php?id=CVE-2024-0854
24 Jan 2024 — URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. La vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en el componente de acceso a archivos de Synology DiskStation Manager (DSM) anterior a 7.2.1-69057-2 permite a usuarios remotos autenticados realizar ataques de phishing a través de v... • https://www.synology.com/en-global/security/advisory/Synology_SA_24_02 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2729
https://notcve.org/view.php?id=CVE-2023-2729
13 Jun 2023 — Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_07 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3576
https://notcve.org/view.php?id=CVE-2022-3576
20 Oct 2022 — A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite ... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2022-27624
https://notcve.org/view.php?id=CVE-2022-27624
20 Oct 2022 — A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2022-27625
https://notcve.org/view.php?id=CVE-2022-27625
20 Oct 2022 — A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límite... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2022-27626
https://notcve.org/view.php?id=CVE-2022-27626
20 Oct 2022 — A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos co... • https://www.synology.com/security/advisory/Synology_SA_22_17 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27621
https://notcve.org/view.php?id=CVE-2022-27621
03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") en el componente webapi de Synology USB Copy versiones anteriores a 2.2.0-1086, permite a usuarios remotos autenticados leer o escribir archivos arbitrarios... • https://www.synology.com/security/advisory/Synology_SA_22_14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27620
https://notcve.org/view.php?id=CVE-2022-27620
03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") es una vulnerabilidad en el componente webapi de Synology SSO Server versiones anteriores a 2.2.3-0331, que permite a usuarios remotos autenticados leer archivos arbitrarios por med... • https://www.synology.com/security/advisory/Synology_SA_22_13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-27618
https://notcve.org/view.php?id=CVE-2022-27618
03 Aug 2022 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") es una vulnerabilidad del componente webapi en Synology Storage Analyzer versiones anteriores a 2.1.0-0390, que permite a usuarios remotos autenticados eliminar archivos arb... • https://www.synology.com/security/advisory/Synology_SA_22_11 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 4%CPEs: 43EXPL: 0CVE-2019-9517 – Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9517
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Algunas implementaciones HT... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •