Vulnerabilities > Synology > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-12 CVE-2021-27647 Out-of-bounds Read vulnerability in Synology Diskstation Manager
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
network
low complexity
synology CWE-125
7.5
2021-03-12 CVE-2021-27646 Use After Free vulnerability in Synology Diskstation Manager
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
network
low complexity
synology CWE-416
7.5
2021-02-26 CVE-2021-26567 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
local
low complexity
synology faad2-project CWE-787
7.8
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2020-10-29 CVE-2020-27653 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Router Manager
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
network
high complexity
synology CWE-327
8.3
2020-10-29 CVE-2020-27652 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
network
high complexity
synology CWE-327
8.3
2020-08-21 CVE-2020-8623 Reachable Assertion vulnerability in multiple products
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.
7.5
2020-05-04 CVE-2019-11823 Out-of-bounds Read vulnerability in Synology Router Manager
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
network
low complexity
synology CWE-125
7.5
2020-02-03 CVE-2019-9502 Out-of-bounds Write vulnerability in multiple products
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.
low complexity
synology broadcom CWE-787
8.3
2020-02-03 CVE-2019-9501 Out-of-bounds Write vulnerability in multiple products
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.
low complexity
synology broadcom CWE-787
8.3