CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26566
https://notcve.org/view.php?id=CVE-2021-26566
26 Feb 2021 — Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Una vulnerabilidad de inserción de información confidencial en datos enviados en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar comandos arbitrarios por medio del tráfico entrante Q... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26565
https://notcve.org/view.php?id=CVE-2021-26565
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle obtener información confidencial por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26564
https://notcve.org/view.php?id=CVE-2021-26564
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26563
https://notcve.org/view.php?id=CVE-2021-26563
26 Feb 2021 — Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de autorización incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar código arbitrario a través de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_03 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26562
https://notcve.org/view.php?id=CVE-2021-26562
26 Feb 2021 — Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de escritura fuera de límites en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_site • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26561
https://notcve.org/view.php?id=CVE-2021-26561
26 Feb 2021 — Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio del encabezado HTTP syno_finder_s... • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2021-26560
https://notcve.org/view.php?id=CVE-2021-26560
26 Feb 2021 — Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Una vulnerabilidad transmisión de información confidencial en texto sin cifrar en synoagentregisterd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle falsificar servidores por medio de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 96%CPEs: 39EXPL: 94CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
26 Jan 2021 — Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo caráct... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27656
https://notcve.org/view.php?id=CVE-2020-27656
29 Oct 2020 — Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. Una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en DDNS en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-2, permite a atacantes de tipo man-in-the-middle rastrear una información de autenticación de DNSExit por med... • https://www.synology.com/security/advisory/Synology_SA_20_18 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27652
https://notcve.org/view.php?id=CVE-2020-27652
29 Oct 2020 — Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Una vulnerabilidad de degradación del Algoritmo en QuickConnect en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-2, permite a atacantes de tipo man-in-the-middle falsificar servidores y obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_18 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •