Vulnerabilities > Synology > Diskstation Manager > 6.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-10-29 CVE-2020-27650 Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
synology CWE-311
4.3
4.3
2020-10-29 CVE-2020-27648 Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
synology CWE-295
6.8
6.8
2019-04-01 CVE-2018-13293 Cross-site Scripting vulnerability in Synology Diskstation Manager
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
network
synology CWE-79
3.5
3.5
2019-04-01 CVE-2018-13291 Information Exposure vulnerability in Synology Diskstation Manager
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-200
4.0
4.0
2018-12-20 CVE-2018-1160 Out-of-bounds Write vulnerability in multiple products
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c.
network
low complexity
netatalk synology debian CWE-787
critical
 9.8
9.8
2018-01-04 CVE-2017-5753 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 		4.7
4.7