264 matches found
Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4938-1 advisory. It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of...
Unbound Configuration Injection Vulnerability
Unbound is a DNS resolver that supports validation, recursion, and caching features. A configuration injection vulnerability exists in createunboundadservers.sh in versions of Unbound prior to 1.9.5. A man-in-the-middle attacker can exploit this vulnerability to inject configuration via a plainte...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
UBUNTU-CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
Synology DiskStation Manager Sensitive Information Plaintext Transfer Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
Design/Logic Flaw
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
Session fixation
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
Design/Logic Flaw
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26565
Synology DiskStation Manager (DSM) prior to version 6.2.3-25426-3 contains a cleartext transmission vulnerability in synorelayd that can allow MITM attackers to obtain sensitive information via HTTP sessions. The issue affects DSM running on Synology NAS devices and is documented in multiple sour...
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
CVE-2021-26564
CVE-2021-26564 is a vulnerability in Synology DiskStation Manager (DSM) due to cleartext transmission in the synorelayd component prior to version 6.2.3-25426-3. The flaw allows man-in-the-middle attackers to spoof servers via an HTTP session, exposing sensitive information. Connected sources ali...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26560
CVE-2021-26560 affects Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 via the synoagentregisterd service. The issue involves cleartext HTTP transmission during server discovery (the /finder/server response and subsequent domain parsing), enabling MITM disclosure and server spoofing. TA...