Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-29 | CVE-2020-27651 | Missing Encryption of Sensitive Data vulnerability in Synology Router Manager Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 8.1 |
| 2020-10-29 | CVE-2020-27650 | Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 3.7 |
| 2020-10-29 | CVE-2020-27649 | Improper Certificate Validation vulnerability in Synology Router Manager Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 9.0 |
| 2020-10-29 | CVE-2020-27648 | Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 9.0 |
| 2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. | 7.5 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |
| 2020-08-21 | CVE-2020-8621 | Reachable Assertion vulnerability in multiple products In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. | 7.5 |
| 2020-05-04 | CVE-2019-11823 | Out-of-bounds Read vulnerability in Synology Router Manager CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | 7.5 |
| 2020-02-03 | CVE-2019-9502 | Out-of-bounds Write vulnerability in multiple products The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. | 8.8 |
| 2020-02-03 | CVE-2019-9501 | Out-of-bounds Write vulnerability in multiple products The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. | 8.8 |