Filtered by vendor Synology Subscriptions
Filtered by product Skynas Firmware Subscriptions
Total 13 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3156 9 Beyondtrust, Debian, Fedoraproject and 6 more 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more 2024-11-21 7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-26567 2 Faad2 Project, Synology 8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more 2024-11-21 7.8 High
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
CVE-2021-26566 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2021-26565 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
CVE-2021-26564 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26562 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 9 Critical
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26561 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 9 Critical
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26560 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-11-21 9 Critical
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2020-27652 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2024-11-21 8.3 High
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27650 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2024-11-21 5.8 Medium
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
CVE-2020-27648 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2024-11-21 8.3 High
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2019-3870 3 Fedoraproject, Samba, Synology 9 Fedora, Samba, Directory Server and 6 more 2024-11-21 6.1 Medium
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.