Synology Diskstation Manager vulnerabilities

96 known vulnerabilities affecting synology/diskstation_manager.

Total CVEs: 96
CISA KEV: 1 (actively exploited)
Public exploits: 10
Exploited in wild: 2
Severity breakdown: CRITICAL 18, HIGH 47, MEDIUM 29, LOW 2

Vulnerabilities

Page 3 of 5
CVE-2021-26569 | HIGH | CVSS 8.1 | fixed in 6.2.3-25426-3 | 2021-03-12
CVE-2021-26569 [HIGH] CWE-366: Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
nvd
CVE-2021-26566 | CRITICAL | CVSS 9.0 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26566 [CRITICAL] CWE-201: Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
nvd
CVE-2021-26560 | HIGH | CVSS 7.4 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26560 [HIGH] CWE-319: Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
nvd
CVE-2021-26562 | HIGH | CVSS 8.1 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26562 [HIGH] CWE-787: Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
nvd
CVE-2021-26564 | HIGH | CVSS 8.7 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26564 [HIGH] CWE-319: Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
nvd
CVE-2021-26561 | HIGH | CVSS 8.1 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26561 [HIGH] CWE-121: Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
nvd
CVE-2021-26567 | HIGH | CVSS 7.8 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26567 [HIGH] CWE-121: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options.
nvd
CVE-2021-26563 | MEDIUM | CVSS 6.7 | fixed in 6.2.4-25553 | ≥ unspecified, < 6.2.4-25553 | 2021-02-26
CVE-2021-26563 [MEDIUM] CWE-863: Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
cvelistv5, nvd
CVE-2021-26565 | MEDIUM | CVSS 5.9 | fixed in 6.2.3-25426-3 | 2021-02-26
CVE-2021-26565 [MEDIUM] CWE-319: Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
nvd
CVE-2021-3156 | HIGH | CVSS 7.8 | KEV | PoC | v6.2 | 2021-01-26
CVE-2021-3156 [HIGH] CWE-193: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
nvd
CVE-2020-27648 | CRITICAL | CVSS 9.0 | ≥ 6.2, < 6.2.3-25426-2 | ≥ unspecified, < 6.2.3-25426-2 | 2020-10-29
CVE-2020-27648 [CRITICAL] CWE-295: Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
cvelistv5, nvd
CVE-2020-27652 | HIGH | CVSS 8.3 | ≥ 6.2, < 6.2.3-25426-2 | ≥ unspecified, < 6.2.3-25426-2 | 2020-10-29
CVE-2020-27652 [HIGH] CWE-327: Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
cvelistv5, nvd
CVE-2020-27653 | HIGH | CVSS 8.3 | v6.2.3_25426 | 2020-10-29
CVE-2020-27653 [HIGH] CWE-327: Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
nvd
CVE-2020-27650 | LOW | CVSS 3.7 | ≥ 6.2, < 6.2.3-25426-2 | ≥ unspecified, < 6.2.3-25426-2 | 2020-10-29
CVE-2020-27650 [LOW] CWE-614: Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
cvelistv5, nvd
CVE-2020-27656 | LOW | CVSS 3.7 | ≥ 6.2, < 6.2.3-25426-2 | ≥ unspecified, < 6.2.3-25426-2 | 2020-10-29
CVE-2020-27656 [LOW] CWE-319: Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
cvelistv5, nvd
CVE-2019-14907 | MEDIUM | CVSS 6.5 | v6.2 | 2020-01-21
CVE-2019-14907 [MEDIUM] CWE-125: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, t
nvd
CVE-2019-19344 | MEDIUM | CVSS 6.5 | v6.2 | 2020-01-21
CVE-2019-19344 [MEDIUM] CWE-416: There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
nvd
CVE-2019-9515 | HIGH | CVSS 7.5 | v6.2 | 2019-08-13
CVE-2019-9515 [HIGH] CWE-400: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently th
nvd
CVE-2019-9517 | HIGH | CVSS 7.5 | v6.2 | 2019-08-13
CVE-2019-9517 [HIGH] CWE-400: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requ
nvd
CVE-2019-9514 | HIGH | CVSS 7.5 | v6.2 | 2019-08-13
CVE-2019-9514 [HIGH] CWE-400: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both
nvd