CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2021-29083
https://notcve.org/view.php?id=CVE-2021-29083
01 Apr 2021 — Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. Una neutralización inapropiada de elementos especiales usados en un comando del Sistema Operativo en SYNO.Core.Network.PPPoE en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a usuarios autenticados remotos ejecutar código arbitrario por medi... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-27646 – Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27646
12 Mar 2021 — Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Uso de la Memoria Previamente Liberada en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attackers to execute arbitrary... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-26569 – Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26569
12 Mar 2021 — Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una Condición de Carrera dentro de una vulnerabilidad de Subproceso en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attacke... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-27647 – Synology DiskStation Manager StartEngCommPipeServer HandleSendMsg Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27647
12 Mar 2021 — Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Lectura Fuera de Límites en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows network-adjacent attackers to disclose sensiti... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2021-26567
https://notcve.org/view.php?id=CVE-2021-26567
26 Feb 2021 — Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. La vulnerabilidad de desbordamiento de búfer basada en la pila en frontend/main.c en faad2 versiones anteriores a 2.2.7.1 permite a los atacantes locales ejecutar código arbitrario a través de las opciones de nombre de archivo y ruta. • https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26566
https://notcve.org/view.php?id=CVE-2021-26566
26 Feb 2021 — Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Una vulnerabilidad de inserción de información confidencial en datos enviados en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar comandos arbitrarios por medio del tráfico entrante Q... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26565
https://notcve.org/view.php?id=CVE-2021-26565
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle obtener información confidencial por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26564
https://notcve.org/view.php?id=CVE-2021-26564
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26563
https://notcve.org/view.php?id=CVE-2021-26563
26 Feb 2021 — Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de autorización incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar código arbitrario a través de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26562
https://notcve.org/view.php?id=CVE-2021-26562
26 Feb 2021 — Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de escritura fuera de límites en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_site • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-787: Out-of-bounds Write •