Vulnerabilities > Synology > Skynas Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-10-29 CVE-2020-27650 Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
high complexity
synology CWE-311
3.7
2020-10-29 CVE-2020-27648 Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
synology CWE-295
critical
9.0
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1