|
194551
|
9.8 |
CRITICAL
Network
|
eprints
|
eprints
|
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
|
CWE-611
XXE
|
CVE-2021-26703
|
2024-11-21 14:56 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194552
|
6.1 |
MEDIUM
Network
|
eprints
|
eprints
|
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26702
|
2024-11-21 14:56 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194553
|
9.8 |
CRITICAL
Network
|
eprints
|
eprints
|
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
|
CWE-78
OS Command
|
CVE-2021-26476
|
2024-11-21 14:56 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194554
|
6.1 |
MEDIUM
Network
|
eprints
|
eprints
|
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26475
|
2024-11-21 14:56 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194555
|
7.8 |
HIGH
Local
|
synology
faad2_project
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
faad2
|
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26567
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194556
|
9.0 |
CRITICAL
Network
|
synology
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
|
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary comman…
|
CWE-200
Information Exposure
|
CVE-2021-26566
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194557
|
5.9 |
MEDIUM
Network
|
synology
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
|
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive informati…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-26565
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194558
|
8.7 |
HIGH
Network
|
synology
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
|
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-26564
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194559
|
6.7 |
MEDIUM
Local
|
synology
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
|
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
|
-
|
CVE-2021-26563
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194560
|
8.1 |
HIGH
Network
|
synology
|
diskstation_manager
vs960hd_firmware
skynas_firmware
diskstation_manager_unified_controller
|
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HT…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26562
|
2024-11-21 14:56 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
