Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_21_03 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Date published : 2021-02-26 https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. Date published : 2021-02-26 https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ https://lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. Date published : 2021-02-26 https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ https://lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Date published : 2021-02-26 https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ https://lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. Date published...
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...