|
208291
|
8.1 |
HIGH
Network
|
synology
|
router_manager
|
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercept…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-27651
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208292
|
3.7 |
LOW
Network
|
synology
|
diskstation_manager
skynas_firmware
|
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by i…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-27650
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208293
|
9.0 |
CRITICAL
Network
|
synology
|
router_manager
|
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-27649
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208294
|
9.0 |
CRITICAL
Network
|
synology
|
diskstation_manager
skynas_firmware
|
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive inf…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-27648
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208295
|
6.5 |
MEDIUM
Network
|
citadel
|
webcit
|
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was r…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-27742
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208296
|
6.1 |
MEDIUM
Network
|
citadel
|
webcit
|
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was repor…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27741
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208297
|
5.3 |
MEDIUM
Network
|
citadel
|
webcit
|
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulner…
|
NVD-CWE-noinfo
|
CVE-2020-27740
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208298
|
9.8 |
CRITICAL
Network
|
citadel
|
webcit
|
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a …
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-27739
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208299
|
7.5 |
HIGH
Network
|
ti
|
z-stack
|
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Genera…
|
NVD-CWE-noinfo
|
CVE-2020-27892
|
2024-11-21 14:21 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208300
|
7.5 |
HIGH
Network
|
ti
|
z-stack
|
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExterna…
|
NVD-CWE-noinfo
|
CVE-2020-27891
|
2024-11-21 14:21 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
