Vulnerabilities > Synology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-26567 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. | 7.8 |
| 2021-02-26 | CVE-2021-26564 | Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 8.7 |
| 2021-02-26 | CVE-2021-26562 | Out-of-bounds Write vulnerability in Synology products Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 8.1 |
| 2021-02-26 | CVE-2021-26561 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology products Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 8.1 |
| 2021-02-26 | CVE-2021-26560 | Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 7.4 |
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193 | 7.8 |
| 2020-10-29 | CVE-2020-27653 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Router Manager Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 8.3 |
| 2020-10-29 | CVE-2020-27652 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 8.3 |
| 2020-10-29 | CVE-2020-27651 | Missing Encryption of Sensitive Data vulnerability in Synology Router Manager Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 8.1 |
| 2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. | 7.5 |