6.2.1.23824

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-29	CVE-2020-27650	Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. network synology CWE-311	4.3
2020-10-29	CVE-2020-27648	Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. network synology CWE-295	6.8
2018-12-20	CVE-2018-1160	Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. network low complexity netatalk synology debian CWE-787 critical	9.8
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	4.7