CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0CVE-2022-22687
https://notcve.org/view.php?id=CVE-2022-22687
25 Mar 2022 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de copia del búfer sin comprobar el tamaño de la entrada ("Desbordamiento del Búfer Clásico") en la funcionalidad Authentication en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar ... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29085
https://notcve.org/view.php?id=CVE-2021-29085
23 Jun 2021 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de elementos especiales en la salida usada por un componente aguas abajo ("Injection") en el componente file sharing management en Synology DiskStation Manager (DSM) versiones anter... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29087
https://notcve.org/view.php?id=CVE-2021-29087
23 Jun 2021 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("'Path Traversal") en el componente webapi de Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, que permite a atacantes remotos escribir archivos ar... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2021-27649
https://notcve.org/view.php?id=CVE-2021-27649
23 Jun 2021 — Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de uso de memoria previamente liberada en el componente file transfer protocol en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29086
https://notcve.org/view.php?id=CVE-2021-29086
23 Jun 2021 — Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en el componente webapi en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos obtener información confidencial por medio de vectores no especif... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29084 – Synology DiskStation Manager webapi CRLF Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-29084
25 May 2021 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de elementos especiales en la salida usada por un componente descendente ("Injection") en el componente de administración de informes Security Advisor en Synology DiskSta... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2021-26567
https://notcve.org/view.php?id=CVE-2021-26567
26 Feb 2021 — Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. La vulnerabilidad de desbordamiento de búfer basada en la pila en frontend/main.c en faad2 versiones anteriores a 2.2.7.1 permite a los atacantes locales ejecutar código arbitrario a través de las opciones de nombre de archivo y ruta. • https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26566
https://notcve.org/view.php?id=CVE-2021-26566
26 Feb 2021 — Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Una vulnerabilidad de inserción de información confidencial en datos enviados en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar comandos arbitrarios por medio del tráfico entrante Q... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26565
https://notcve.org/view.php?id=CVE-2021-26565
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle obtener información confidencial por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26564
https://notcve.org/view.php?id=CVE-2021-26564
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •