Synology DiskStation Manager Out-of-bounds Write (CVE-2024-45539)

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This plugin only works with...

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

CVE-2024-45539

CVE-2024-45539 is an out-of-bounds write vulnerability in the CGI components of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). The flaw affects DSM versions before 7.2.1-69057-2, DSM 7.2.2-72806, and DSMUC before 3.1.4-23079. Remote attackers can cause denial of servi...

EUVD-2024-55301

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

RLSA-2025:4487 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: CGI: ReDoS in CGI::UtilescapeElement CVE-2025-27220 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 For more details...

Unintended Proxy or Intermediary

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTPPROXY environment variable to be set by the incoming Pro...

GO-2022-0761 Improper input validation in net/http and net/http/cgi

An input validation flaw in the CGI components allows the HTTPPROXY environment variable to be set by the incoming Proxy header, which changes where Go by default proxies all outbound HTTP requests. This environment variable is also used to set the outgoing proxy, enabling an attacker to insert a...

CVE-2021-31249

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

多款Chiyu产品注入漏洞

The Chiyu CHIYU BF-430, etc. are all networking servers that provide communication for access control, time and attendance systems, and other devices from Chiyu Technology Chiyu Inc. of Taiwan, China. A security vulnerability exists in CHIYU Technology Inc's BF-430, BF-431, and BF-450M TCP/IP...

CHIYU TCP/IP Converter devices - CRLF injection

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...

CHIYU TCP/IP Converter CRLF Injection

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...

CHIYU TCP/IP Converter devices - CRLF injection Vulnerability

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter devices - all firmware...