Ddaa

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 6.2.4-25556-2 **Description** The issue is related to improper neutralization of special elements used in a command, allowing remote authenticated users to execute arbitrary commands via unspecified vectors. This affects the File service functionality. **Recommendations** For versions prior to 6.2.4-25556-2, update to version 6.2.4-25556-2 or later to resolve the issue.

Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.

Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.

**Name of the Vulnerable Software and Affected Versions** TFTP Server versions 1.66 and earlier **Description** A heap-based overflow issue allows remote attackers to cause a denial of service or possibly execute arbitrary code by sending a long TFTP error packet. **Recommendations** For versions 1.66 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TFTP Server versions 1.66 and earlier **Description** A format string issue in the logMess function allows remote attackers to potentially cause a denial of service or execute arbitrary code by including format string sequences in a TFTP error packet. **Recommendations** For versions 1.66 and earlier, update to a version later than 1.66 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TFTP Server MT versions 1.65 and earlier **Description** The issue concerns a format string vulnerability in the logMess function. This vulnerability can be exploited by remote attackers who send TFTP error packets containing format string sequences, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For versions 1.65 and earlier, update to a version later than 1.65 to resolve the issue. As a temporary workaround, consider restricting access to the TFTP server to minimize the risk of exploitation.