Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2020-11-30 CVE-2020-27660 SQL Injection vulnerability in Synology Safeaccess
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
network
low complexity
synology CWE-89
critical
10.0
2020-11-30 CVE-2020-27659 Cross-Site Scripting vulnerability in Synology Safeaccess
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
network
synology CWE-79
3.5
2020-10-29 CVE-2020-27658 Incorrect Permission Assignment FOR Critical Resource vulnerability in Synology Router Manager
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
network
synology CWE-732
4.3
2020-10-29 CVE-2020-27657 Cleartext Transmission of Sensitive Information vulnerability in Synology Router Manager
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
network
synology CWE-319
4.3
2020-10-29 CVE-2020-27656 Cleartext Transmission of Sensitive Information vulnerability in Synology Diskstation Manager
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
network
synology CWE-319
4.3
2020-10-29 CVE-2020-27655 Improper Privilege Management vulnerability in Synology Router Manager
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
network
low complexity
synology CWE-269
7.5
2020-10-29 CVE-2020-27654 Improper Privilege Management vulnerability in Synology Router Manager
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
network
low complexity
synology CWE-269
7.5
2020-10-29 CVE-2020-27653 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Router Manager
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
network
high complexity
synology CWE-327
5.1
2020-10-29 CVE-2020-27652 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
network
high complexity
synology CWE-327
5.1
2020-10-29 CVE-2020-27651 Missing Encryption of Sensitive Data vulnerability in Synology Router Manager
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
synology CWE-311
6.8