Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-29 | CVE-2020-27656 | Cleartext Transmission of Sensitive Information vulnerability in Synology Diskstation Manager Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | 3.7 |
| 2020-10-29 | CVE-2020-27655 | Improper Privilege Management vulnerability in Synology Router Manager Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | 10.0 |
| 2020-10-29 | CVE-2020-27654 | Improper Privilege Management vulnerability in Synology Router Manager Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | 9.8 |
| 2020-10-29 | CVE-2020-27653 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Router Manager Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 8.3 |
| 2020-10-29 | CVE-2020-27652 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 8.3 |
| 2020-10-29 | CVE-2020-27651 | Missing Encryption of Sensitive Data vulnerability in Synology Router Manager Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 8.1 |
| 2020-10-29 | CVE-2020-27650 | Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 3.7 |
| 2020-10-29 | CVE-2020-27649 | Improper Certificate Validation vulnerability in Synology Router Manager Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 9.0 |
| 2020-10-29 | CVE-2020-27648 | Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 9.0 |
| 2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. | 7.5 |