Vulnerabilities > Synology > Diskstation Manager > Low

DATE CVE VULNERABILITY TITLE RISK
2020-10-29 CVE-2020-27650 Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
high complexity
synology CWE-311
3.7
3.7
2020-10-29 CVE-2020-27656 Cleartext Transmission of Sensitive Information vulnerability in Synology Diskstation Manager
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
network
high complexity
synology CWE-319
3.7
3.7