Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:synology:diskstation_manager:6.2.1-23824-6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-26560 |
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: February 26, 2021; 5:15:19 PM -0500 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-27656 |
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. Published: October 29, 2020; 5:15:13 AM -0400 |
V4.0:(not available) V3.1: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27652 |
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Published: October 29, 2020; 5:15:13 AM -0400 |
V4.0:(not available) V3.1: 8.3 HIGH V2.0: 5.1 MEDIUM |
CVE-2020-27650 |
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Published: October 29, 2020; 5:15:12 AM -0400 |
V4.0:(not available) V3.1: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27648 |
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: October 29, 2020; 5:15:12 AM -0400 |
V4.0:(not available) V3.1: 9.0 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2017-5753 |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Published: January 04, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.1: 5.6 MEDIUM V2.0: 4.7 MEDIUM |