Synology vulnerabilities

Each entry lists DATE | CVE | VULNERABILITY TITLE | RISK score, followed by the description and the entry's tags (attack vector, complexity, vendor, CWE) where the listing gives them.

2020-10-29 | CVE-2020-27650 | Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware | Risk: 4.3
    Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
    Tags: network, synology, CWE-311

2020-10-29 | CVE-2020-27649 | Improper Certificate Validation vulnerability in Synology Router Manager | Risk: 6.8
    Improper certificate validation vulnerability in the OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Tags: network, synology, CWE-295

2020-10-29 | CVE-2020-27648 | Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware | Risk: 6.8
    Improper certificate validation vulnerability in the OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Tags: network, synology, CWE-295

2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products | Risk: 7.5
    In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, and 9.17.0 -> 9.17.3 (also affecting 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.

2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products | Risk: 6.5
    In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, and 9.17.0 -> 9.17.3 (also affecting 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure and causing the server to exit.

2020-08-21 | CVE-2020-8621 | Reachable Assertion vulnerability in multiple products | Risk: 4.3
    In BIND 9.14.0 -> 9.16.5 and 9.17.0 -> 9.17.3, if a server is configured with both QNAME minimization and 'forward first', then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.

2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products | Risk: 5.5
    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).

2020-05-04 | CVE-2019-11823 | Out-of-bounds Read vulnerability in Synology Router Manager | Risk: 7.5
    CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
    Tags: network, low complexity, synology, CWE-125

2020-02-03 | CVE-2019-9502 | Out-of-bounds Write vulnerability in multiple products | Risk: 8.3
    The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.
    Tags: low complexity, synology, broadcom, CWE-787

2020-02-03 | CVE-2019-9501 | Out-of-bounds Write vulnerability in multiple products | Risk: 8.3
    The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.
    Tags: low complexity, synology, broadcom, CWE-787