CVEDB API

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager >> 6.2.2-24922 Security Vulnerabilities

CVE-2021-26561

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

CVSS Score

9.0

EPSS Score

0.023

Published

2021-02-26

CVE-2020-27652

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CVSS Score

8.3

EPSS Score

0.004

Published

2020-10-29

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

CVSS Score

6.5

EPSS Score

0.001

Published

2020-10-29

CVE-2020-27648

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS Score

8.3

EPSS Score

0.002

Published

2020-10-29

CVE-2020-27650

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

CVSS Score

5.8

EPSS Score

0.001

Published

2020-10-29

Page 5

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager >> 6.2.2-24922 Security Vulnerabilities

Products

Pricing

Contact Us