Lucene search

K
SynologyRouter Manager

12 matches found

CVE
CVE
added 2020/01/21 6:15 p.m.406 views

CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authenti...

6.5CVSS6.5AI score0.05927EPSS
CVE
CVE
added 2020/02/03 9:15 p.m.274 views

CVE-2019-9501

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthen...

8.8CVSS7AI score0.03057EPSS
CVE
CVE
added 2020/02/03 9:15 p.m.268 views

CVE-2019-9502

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated att...

8.8CVSS7AI score0.01908EPSS
CVE
CVE
added 2020/01/21 6:15 p.m.214 views

CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

6.5CVSS6.3AI score0.0213EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.68 views

CVE-2020-27653

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

8.3CVSS8.3AI score0.0026EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.50 views

CVE-2020-27655

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

10CVSS9.3AI score0.01223EPSS
CVE
CVE
added 2020/05/04 10:15 a.m.42 views

CVE-2019-11823

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

8.6CVSS7.4AI score0.01097EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.41 views

CVE-2020-27654

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

9.8CVSS9.8AI score0.03047EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.40 views

CVE-2020-27658

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

7.1CVSS6.6AI score0.00264EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.38 views

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

6.5CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.37 views

CVE-2020-27649

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

9CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.37 views

CVE-2020-27651

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

8.1CVSS8.4AI score0.00325EPSS