Skynas_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Skynas_firmware
(Synology)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	13

Date	Id	Summary	Products	Score	Patch	Annotated
2020-10-29	CVE-2020-27648	Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	Diskstation_manager, Skynas_firmware	9.0
2020-10-29	CVE-2020-27650	Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.	Diskstation_manager, Skynas_firmware	3.7
2020-10-29	CVE-2020-27652	Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.	Diskstation_manager, Skynas_firmware	8.3
2021-01-26	CVE-2021-3156	Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.	Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Oncommand_unified_manager_core_package, Ontap_select_deploy_administration_utility, Ontap_tools, Solidfire, Communications_performance_intelligence_center, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	7.8
2021-02-26	CVE-2021-26560	Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	7.4
2021-02-26	CVE-2021-26561	Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.1
2021-02-26	CVE-2021-26562	Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.1
2021-02-26	CVE-2021-26563	Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	6.7
2021-02-26	CVE-2021-26564	Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.7
2021-02-26	CVE-2021-26565	Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	5.9