Synology

Diskstation Manager

93 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2021-26566

Exploit
  • EPSS 0.54%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

5.9

CVE-2021-26565

Exploit
  • EPSS 0.26%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

8.7

CVE-2021-26564

Exploit
  • EPSS 0.14%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

6.7

CVE-2021-26563

Exploit
  • EPSS 0.12%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.1

CVE-2021-26562

Exploit
  • EPSS 1.39%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

7.4

CVE-2021-26560

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

8.1

CVE-2021-26561

Exploit
  • EPSS 2.34%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

7.8

CVE-2021-3156

Warnung Exploit
  • EPSS 92.24%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 10.11.2025 14:41:45

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

4.3

CVE-2020-27656

Exploit
  • EPSS 0.1%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

8.3

CVE-2020-27653

Exploit
  • EPSS 0.5%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.