CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-27646 – Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27646
12 Mar 2021 — Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Uso de la Memoria Previamente Liberada en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attackers to execute arbitrary... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-26569 – Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26569
12 Mar 2021 — Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una Condición de Carrera dentro de una vulnerabilidad de Subproceso en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows local attacke... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-27647 – Synology DiskStation Manager StartEngCommPipeServer HandleSendMsg Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27647
12 Mar 2021 — Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Una vulnerabilidad de Lectura Fuera de Límites en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas This vulnerability allows network-adjacent attackers to disclose sensiti... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2021-26567
https://notcve.org/view.php?id=CVE-2021-26567
26 Feb 2021 — Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. La vulnerabilidad de desbordamiento de búfer basada en la pila en frontend/main.c en faad2 versiones anteriores a 2.2.7.1 permite a los atacantes locales ejecutar código arbitrario a través de las opciones de nombre de archivo y ruta. • https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26566
https://notcve.org/view.php?id=CVE-2021-26566
26 Feb 2021 — Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Una vulnerabilidad de inserción de información confidencial en datos enviados en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar comandos arbitrarios por medio del tráfico entrante Q... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26565
https://notcve.org/view.php?id=CVE-2021-26565
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle obtener información confidencial por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26564
https://notcve.org/view.php?id=CVE-2021-26564
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26563
https://notcve.org/view.php?id=CVE-2021-26563
26 Feb 2021 — Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de autorización incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar código arbitrario a través de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26562
https://notcve.org/view.php?id=CVE-2021-26562
26 Feb 2021 — Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de escritura fuera de límites en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_site • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26561
https://notcve.org/view.php?id=CVE-2021-26561
26 Feb 2021 — Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_s... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •