Lucene search
+L

4 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.9 views

Synology DiskStation Manager Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-2020-27650)

Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. This plugin only works with Tenable.ot. Please...

5.8CVSS6.4AI score0.00552EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/11/21 12:0 a.m.26 views

Synology DiskStation Manager (DSM) 6.2.x < 6.2.3-25426-2 Multiple Vulnerabilities (Synology-SA-20:18) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS5.7AI score0.00822EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2022/11/21 12:0 a.m.32 views

Synology DiskStation Manager (DSM) 6.2.x < 6.2.3-25426-2 Multiple Vulnerabilities (Synology-SA-20:18) - Unreliable Remote Version Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS5.7AI score0.00822EPSS
Exploits3References1
CVE
CVE
added 2020/10/29 9:0 a.m.59 views

CVE-2020-27650

CVE-2020-27650 affects Synology DiskStation Manager (DSM) versions before 6.2.3-25426-2. The issue is that the session cookie used in HTTPS sessions is not marked with the Secure flag, which can allow an attacker to capture the cookie by intercepting its transmission in an HTTP session. Impact is...

5.8CVSS6.3AI score0.00552EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder