Synology Skynas
29 CVEs affecting Synology Skynas. Latest disclosed: 2021-02-26. Critical: 4, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-1160 | Critical | 9.8 | 2018-12-20 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote… |
| CVE-2021-26562 | Critical | 9.0 | 2021-02-26 | Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execut… |
| CVE-2021-26561 | Critical | 9.0 | 2021-02-26 | Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers t… |
| CVE-2021-26560 | Critical | 9.0 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-th… |
| CVE-2021-26566 | High | 8.3 | 2021-02-26 | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-midd… |
| CVE-2021-26565 | High | 8.3 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle… |
| CVE-2021-26564 | High | 8.3 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle… |
| CVE-2020-27652 | High | 8.3 | 2020-10-29 | Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof server… |
| CVE-2020-27648 | High | 8.3 | 2020-10-29 | Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers t… |
| CVE-2021-26563 | High | 8.2 | 2021-02-26 | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary co… |
| CVE-2021-26567 | High | 7.8 | 2021-02-26 | Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname… |
| CVE-2021-3156 | High | 7.8 | 2021-01-26 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" a… |
| CVE-2018-8897 | High | 7.8 | 2018-05-08 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some… |
| CVE-2019-9518 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with a… |
| CVE-2019-9517 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 w… |
| CVE-2019-9515 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to t… |
| CVE-2019-9514 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an in… |
| CVE-2019-9513 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and con… |
| CVE-2019-9511 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The… |
| CVE-2018-7185 | High | 7.5 | 2018-03-06 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zer… |