Synology

Diskstation Manager

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2021-26569

  • EPSS 1.75%
  • Veröffentlicht 12.03.2021 07:15:12
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

7.8

CVE-2021-26567

  • EPSS 1.13%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

9

CVE-2021-26566

Exploit
  • EPSS 0.42%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

5.9

CVE-2021-26565

Exploit
  • EPSS 0.18%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

8.7

CVE-2021-26564

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

6.7

CVE-2021-26563

Exploit
  • EPSS 0.12%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.1

CVE-2021-26562

Exploit
  • EPSS 1.39%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

8.1

CVE-2021-26561

Exploit
  • EPSS 2.34%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

7.4

CVE-2021-26560

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

7.8

CVE-2021-3156

Warnung Exploit
  • EPSS 92.26%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 03.04.2025 19:47:48

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.