
CVE-2020-27652
https://notcve.org/view.php?id=CVE-2020-27652
29 Oct 2020 — Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. • https://www.synology.com/security/advisory/Synology_SA_20_18 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2020-27650
https://notcve.org/view.php?id=CVE-2020-27650
29 Oct 2020 — Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. • https://www.synology.com/security/advisory/Synology_SA_20_18 • CWE-311: Missing Encryption of Sensitive Data • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2020-27648
https://notcve.org/view.php?id=CVE-2020-27648
29 Oct 2020 — Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • https://www.synology.com/security/advisory/Synology_SA_20_18 • CWE-295: Improper Certificate Validation