GCVE - cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Skynas Firmware (`55fa58bf-550c-58cf-ade7-146fc11d0710`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3156`	vulnerable	2026-06-03 14:45:10.196931	Details available Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Published: 2021-01-26T00:00:00.000Z Updated: 2025-10-21T23:35:29.600Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html http://seclists.org/fulldisclosure/2021/Jan/79 http://www.openwall.com/lists/oss-security/2021/01/26/3 https://security.gentoo.org/glsa/202101-33 https://www.debian.org/security/2021/dsa-4839	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26567`	vulnerable	2026-06-03 14:44:08.542929	Details available Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Published: 2021-02-26T21:45:35.788Z Updated: 2024-09-16T19:56:15.211Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26566`	vulnerable	2026-06-03 14:44:08.537058	Details available HIGH (8.3) Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Published: 2021-02-26T21:45:35.118Z Updated: 2024-09-17T03:23:15.693Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26565`	vulnerable	2026-06-03 14:44:08.536553	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Published: 2021-02-26T21:45:34.345Z Updated: 2024-09-17T01:27:07.136Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26564`	vulnerable	2026-06-03 14:44:08.536022	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:33.663Z Updated: 2024-09-17T00:46:03.051Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26563`	vulnerable	2026-06-03 14:44:08.535418	Details available HIGH (8.2) Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Published: 2021-02-26T21:45:33.039Z Updated: 2024-09-16T16:23:45.140Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158 https://www.synology.com/security/advisory/Synology_SA_21_03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26562`	vulnerable	2026-06-03 14:44:08.532563	Details available CRITICAL (9) Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.818Z Updated: 2024-09-17T04:08:58.655Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26561`	vulnerable	2026-06-03 14:44:08.532003	Details available CRITICAL (9) Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.206Z Updated: 2024-09-16T23:06:05.777Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26560`	vulnerable	2026-06-03 14:44:08.529100	Details available CRITICAL (9) Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:30.498Z Updated: 2024-09-17T01:30:56.188Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3870`	vulnerable	2026-06-03 14:40:27.723642	Details available MEDIUM (6.1) A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Published: 2019-04-09T15:17:43.000Z Updated: 2024-08-04T19:19:18.603Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ https://www.samba.org/samba/security/CVE-2019-3870.html https://bugzilla.samba.org/show_bug.cgi?id=13834 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.