Synology

Vs960hd Firmware

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-26567

  • EPSS 1.13%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

9

CVE-2021-26566

Exploit
  • EPSS 0.42%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

5.9

CVE-2021-26565

Exploit
  • EPSS 0.18%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

8.7

CVE-2021-26564

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

6.7

CVE-2021-26563

Exploit
  • EPSS 0.12%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

8.1

CVE-2021-26562

Exploit
  • EPSS 1.39%
  • Veröffentlicht 26.02.2021 22:15:20
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

8.1

CVE-2021-26561

Exploit
  • EPSS 2.34%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

7.4

CVE-2021-26560

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

7.8

CVE-2021-3156

Warnung Exploit
  • EPSS 92.26%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 03.04.2025 19:47:48

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

7.8

CVE-2019-9518

  • EPSS 3.67%
  • Veröffentlicht 13.08.2019 21:15:13
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...