Vulnerabilities > Synology > Diskstation Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-29 | CVE-2020-27650 | Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 4.3 |
| 2020-10-29 | CVE-2020-27648 | Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2020-01-21 | CVE-2019-19344 | Use After Free vulnerability in multiple products There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | 6.5 |
| 2020-01-21 | CVE-2019-14907 | Out-of-bounds Read vulnerability in multiple products All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. | 6.5 |
| 2019-08-13 | CVE-2019-9516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. | 6.5 |
| 2019-04-09 | CVE-2019-3870 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. | 6.1 |
| 2019-04-01 | CVE-2018-13291 | Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
| 2019-04-01 | CVE-2018-13286 | Incorrect Default Permissions vulnerability in Synology Diskstation Manager Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
| 2018-12-24 | CVE-2018-8920 | Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | 6.5 |
| 2018-12-24 | CVE-2018-8919 | Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | 5.0 |