GCVE - cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Skynas (`0d86d57f-192a-507b-92df-01b0fb905286`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3156`	not_vulnerable	2026-06-03 14:45:10.197442	Details available Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Published: 2021-01-26T00:00:00.000Z Updated: 2025-10-21T23:35:29.600Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html http://seclists.org/fulldisclosure/2021/Jan/79 http://www.openwall.com/lists/oss-security/2021/01/26/3 https://security.gentoo.org/glsa/202101-33 https://www.debian.org/security/2021/dsa-4839	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26567`	not_vulnerable	2026-06-03 14:44:08.542947	Details available Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Published: 2021-02-26T21:45:35.788Z Updated: 2024-09-16T19:56:15.211Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26566`	not_vulnerable	2026-06-03 14:44:08.537075	Details available HIGH (8.3) Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Published: 2021-02-26T21:45:35.118Z Updated: 2024-09-17T03:23:15.693Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26565`	not_vulnerable	2026-06-03 14:44:08.536569	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Published: 2021-02-26T21:45:34.345Z Updated: 2024-09-17T01:27:07.136Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26564`	not_vulnerable	2026-06-03 14:44:08.536038	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:33.663Z Updated: 2024-09-17T00:46:03.051Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26563`	not_vulnerable	2026-06-03 14:44:08.535436	Details available HIGH (8.2) Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Published: 2021-02-26T21:45:33.039Z Updated: 2024-09-16T16:23:45.140Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158 https://www.synology.com/security/advisory/Synology_SA_21_03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26562`	not_vulnerable	2026-06-03 14:44:08.532581	Details available CRITICAL (9) Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.818Z Updated: 2024-09-17T04:08:58.655Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26561`	not_vulnerable	2026-06-03 14:44:08.532021	Details available CRITICAL (9) Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.206Z Updated: 2024-09-16T23:06:05.777Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26560`	not_vulnerable	2026-06-03 14:44:08.529807	Details available CRITICAL (9) Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:30.498Z Updated: 2024-09-17T01:30:56.188Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27652`	not_vulnerable	2026-06-03 14:42:18.295926	Details available HIGH (8.3) Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Published: 2020-10-29T09:00:26.029Z Updated: 2024-09-16T19:55:59.604Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_18 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27650`	not_vulnerable	2026-06-03 14:42:18.295161	Details available MEDIUM (5.8) Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Published: 2020-10-29T09:00:25.555Z Updated: 2024-09-16T23:10:20.265Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27648`	not_vulnerable	2026-06-03 14:42:18.291788	Details available HIGH (8.3) Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: 2020-10-29T09:00:25.133Z Updated: 2024-09-16T20:27:27.929Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_18 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3870`	not_vulnerable	2026-06-03 14:40:27.724164	Details available MEDIUM (6.1) A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Published: 2019-04-09T15:17:43.000Z Updated: 2024-08-04T19:19:18.603Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ https://www.samba.org/samba/security/CVE-2019-3870.html https://bugzilla.samba.org/show_bug.cgi?id=13834 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.