Show filters
9 Total Results
Displaying 1-9 of 9
Sort by:
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated January 15, 2025)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attack Vector: LocalPrivileges: LowUser Interaction: None
13
4
Attacker Value
Unknown

CVE-2021-26562

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26567

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26561

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26564

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26566

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26560

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26563

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Attack Vector: LocalPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26565

Disclosure Date: February 26, 2021 (last updated January 15, 2025)
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0