Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Diskstation_manager
(Synology)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-26 | CVE-2021-26560 | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 7.4 | ||
| 2021-02-26 | CVE-2021-26561 | Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 8.1 | ||
| 2021-02-26 | CVE-2021-26562 | Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 8.1 | ||
| 2021-02-26 | CVE-2021-26563 | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 6.7 | ||
| 2021-02-26 | CVE-2021-26564 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 8.7 | ||
| 2017-10-04 | CVE-2017-14491 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | Eos, Arubaos, Ubuntu_linux, Debian_linux, Honor_v9_play_firmware, Geforce_experience, Linux_for_tegra, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Ruggedcom_rm1224_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_w1750d_firmware, Linux_enterprise_debuginfo, Linux_enterprise_point_of_sale, Linux_enterprise_server, Diskstation_manager, Router_manager, Dnsmasq | 9.8 | ||
| 2021-01-26 | CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Hci_management_node, Oncommand_unified_manager_core_package, Solidfire, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 7.8 | ||
| 2019-04-09 | CVE-2019-3870 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is... | Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware | 6.1 | ||
| 2022-03-25 | CVE-2022-22687 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller | 9.8 | ||
| 2022-03-25 | CVE-2022-22688 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | Diskstation_manager | 8.8 |