Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

5 matches found

CVE•added 2020/10/29 9:15 a.m.•74 views

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

6.5CVSS6.1AI score0.00099EPSS

CVE•added 2020/10/29 9:15 a.m.•68 views

CVE-2020-27653

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

8.3CVSS8.3AI score0.00408EPSS

CVE•added 2020/10/29 9:15 a.m.•58 views

CVE-2020-27652

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

8.3CVSS8.3AI score0.00408EPSS

CVE•added 2020/10/29 9:15 a.m.•51 views

CVE-2020-27648

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

9CVSS8.4AI score0.00192EPSS

CVE•added 2020/10/29 9:15 a.m.•45 views

CVE-2020-27650

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

5.8CVSS6.3AI score0.00099EPSS