Product:

Skynas_firmware

(Synology)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2021-01-26 CVE-2021-3156 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Oncommand_unified_manager_core_package, Ontap_select_deploy_administration_utility, Ontap_tools, Solidfire, Communications_performance_intelligence_center, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 7.8
2019-04-09 CVE-2019-3870 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is... Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware 6.1
2021-02-26 CVE-2021-26567 Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Faad2, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 7.8
2020-10-29 CVE-2020-27652 Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Diskstation_manager, Skynas_firmware 8.3
2021-02-26 CVE-2021-26566 Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 9.0
2021-02-26 CVE-2021-26560 Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 7.4
2021-02-26 CVE-2021-26561 Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 8.1
2021-02-26 CVE-2021-26562 Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 8.1
2021-02-26 CVE-2021-26563 Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 6.7
2021-02-26 CVE-2021-26564 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 8.7