Vs960hd_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Vs960hd_firmware
(Synology)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	22

Date	Id	Summary	Products	Score	Patch	Annotated
2018-12-20	CVE-2018-1160	Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.	Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware	9.8
2019-04-09	CVE-2019-3870	A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is...	Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware	6.1
2021-02-26	CVE-2021-26560	Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	7.4
2021-02-26	CVE-2021-26561	Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.1
2021-02-26	CVE-2021-26562	Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.1
2021-02-26	CVE-2021-26563	Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	6.7
2021-02-26	CVE-2021-26564	Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	8.7
2021-02-26	CVE-2021-26565	Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	5.9
2021-02-26	CVE-2021-26566	Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.	Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	9.0
2021-02-26	CVE-2021-26567	Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.	Faad2, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware	7.8