6.2.1.23824.3

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-26	CVE-2021-26560	Cleartext Transmission of Sensitive Information vulnerability in Synology products Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. network high complexity synology CWE-319	7.4
2020-10-29	CVE-2020-27656	Cleartext Transmission of Sensitive Information vulnerability in Synology Diskstation Manager Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. network high complexity synology CWE-319	3.7
2020-10-29	CVE-2020-27652	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. network high complexity synology CWE-327	8.3
2020-10-29	CVE-2020-27650	Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. network high complexity synology CWE-311	3.7
2020-10-29	CVE-2020-27648	Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. network high complexity synology CWE-295 critical	9.0
2018-12-20	CVE-2018-1160	Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. network low complexity netatalk synology debian CWE-787 critical	9.8
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6