| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-27652 | 5.1 |
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
|
16-11-2022 - 15:34 | 29-10-2020 - 09:15 | |
| CVE-2020-27648 | 6.8 |
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
09-11-2020 - 14:59 | 29-10-2020 - 09:15 | |
| CVE-2020-27650 | 4.3 |
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session
|
05-11-2020 - 18:21 | 29-10-2020 - 09:15 | |
| CVE-2020-27656 | 4.3 |
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
|
03-11-2020 - 21:02 | 29-10-2020 - 09:15 |