6 matches found

ATTACKERKB
added 2022/05/13 8:0 p.m. · 2 views

CVE-2022-21190

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

CVSS 9.8 · AI score 7.3 · EPSS 0.01732
Exploits 2 · References 6
Positive Technologies
added 2021/06/23 12:0 a.m. · 1 view

PT-2021-18074 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue is related to the improper neutralization of special elements in output used by a downstream component, also known as an 'Injection' vulnerability, in the...

CVSS 8.6 · AI score 8.7 · EPSS 0.00386
Exploits 0 · References 4
Positive Technologies
added 2021/06/23 12:0 a.m. · 2 views

PT-2021-18076 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote attackers to write arbitrary files via unspecified vectors...

CVSS 7.5 · AI score 8.7 · EPSS 0.00544
Exploits 0 · References 4
CNNVD
added 2021/03/12 12:0 a.m. · 1 view

Synology DiskStation Manager Buffer Error Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An out-of-bounds read vulnerability exists in the iscsisnapshotcommcore modul...

CVSS 9.8 · AI score 6.3 · EPSS 0.01674
Exploits 0 · References 3
OSV
added 2019/04/17 10:29 p.m. · 1 view

CVE-2019-1712

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of...

CVSS 7.5 · AI score 6.8 · EPSS 0.00542
Exploits 0 · References 2
OSV
added 2016/05/09 8:59 p.m. · 1 view

CVE-2016-4350

Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2)...

CVSS 9.8 · AI score 6.1 · EPSS 0.63498
Exploits 0 · References 25