Latest synology vs960hd firmware Vulnerabilities

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP s...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary command...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive informatio...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options.
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 2 more
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTT...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Synology DiskStation Manager<6.2.4-25553
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via a...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_...
Synology DiskStation Manager<6.2.3-25426-3
Synology Vs960hd Firmware
Synology Vs960hd
Synology Skynas Firmware
Synology Skynas
Synology Diskstation Manager Unified Controller=3.0
and 1 more
Sudo Heap-Based Buffer Overflow Vulnerability
debian/sudo
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
IBM Security Guardium<=11.2
and 55 more
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constr...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 77 more
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data ...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 168 more
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, o...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 72 more
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-st...
redhat/rh-nodejs10<0:3.2-3.el7
redhat/rh-nodejs10-nodejs<0:10.16.3-3.el7
redhat/rh-nodejs8<0:3.0-5.el7
redhat/rh-nodejs8-nodejs<0:8.16.1-2.el7
redhat/envoy<1.11.1
redhat/Nodejs<8.16.1
and 45 more
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the ...
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
redhat/eap7-hal-console<0:3.0.17-2.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.13-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.18-1.Final_redhat_00001.1.el6ea
and 141 more
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest t...
redhat/go-toolset<1.11-0:1.11.13-1.el7
redhat/go-toolset<1.11-golang-0:1.11.13-2.el7
redhat/containernetworking-plugins<0:0.8.1-4.el7_7
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
and 221 more
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the str...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 104 more
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the instal...
Samba Samba>=4.9.0<4.9.6
Samba Samba>=4.10.0<4.10.2
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Synology Directory Server
Synology DiskStation Manager=5.2
and 7 more
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage thi...
Netatalk Netatalk<3.1.12
Synology DiskStation Manager>=5.2<5.2-5967-9
Synology DiskStation Manager>=6.1<6.1.7-15284-3
Synology DiskStation Manager>=6.2<6.2.1-23824-4
Synology Router Manager>=1.2<1.2-7742-5
Synology Skynas
and 4 more

© 2024 SecAlerts Pty Ltd.