Vulnerabilities > Synology > Diskstation Manager > 6.2.3.25426.2

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-26563 Incorrect Authorization vulnerability in Synology products
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-863
4.6
4.6
2021-02-26 CVE-2021-26562 Out-of-bounds Write vulnerability in Synology products
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
network
synology CWE-787
6.8
6.8
2021-02-26 CVE-2021-26561 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology products
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
network
synology CWE-119
6.8
6.8
2021-02-26 CVE-2021-26560 Cleartext Transmission of Sensitive Information vulnerability in Synology products
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
network
synology CWE-319
5.8
5.8