Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SynologySkynas Firmware-

10 matches found

CVE
CVEadded 2021/01/26 9:15 p.m.4218 views

CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

7.8CVSS8.3AI score0.92441EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.91 views

CVE-2021-26562

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

9CVSS8.7AI score0.01702EPSS
CVE
CVEadded 2019/04/09 4:29 p.m.90 views

CVE-2019-3870

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in som...

6.1CVSS6.1AI score0.00255EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.87 views

CVE-2021-26566

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

9CVSS9.2AI score0.00437EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.86 views

CVE-2021-26563

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.2CVSS7AI score0.00107EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.80 views

CVE-2021-26561

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

9CVSS8.8AI score0.02432EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.80 views

CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

7.8CVSS8.6AI score0.01652EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.79 views

CVE-2021-26564

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

8.7CVSS8.6AI score0.00151EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.67 views

CVE-2021-26560

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

9CVSS7.7AI score0.00151EPSS
CVE
CVEadded 2021/02/26 10:15 p.m.67 views

CVE-2021-26565

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

8.3CVSS6.9AI score0.00168EPSS