|
208281
|
9.8 |
CRITICAL
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available funct…
|
CWE-89
SQL Injection
|
CVE-2020-27886
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208282
|
6.8 |
MEDIUM
Physics
|
clickstudios
|
passwordstate
|
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 dig…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-27747
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208283
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
|
CWE-78
OS Command
|
CVE-2020-27744
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208284
|
6.1 |
MEDIUM
Network
|
synology
|
router_manager
|
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sens…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-27658
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208285
|
5.9 |
MEDIUM
Network
|
synology
|
router_manager
|
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27657
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208286
|
3.7 |
LOW
Network
|
synology
|
diskstation_manager
|
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication informa…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27656
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208287
|
10.0 |
CRITICAL
Network
|
synology
|
router_manager
|
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
|
CWE-269
Improper Privilege Management
|
CVE-2020-27655
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208288
|
9.8 |
CRITICAL
Network
|
synology
|
router_manager
|
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
|
CWE-269
Improper Privilege Management
|
CVE-2020-27654
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208289
|
8.3 |
HIGH
Network
|
synology
|
router_manager
diskstation_manager
|
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecifi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-27653
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208290
|
8.3 |
HIGH
Network
|
synology
|
diskstation_manager
skynas_firmware
|
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via u…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-27652
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
