Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_18 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its...
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its...
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2020-10-29 https://www.synology.com/security/advisory/Synology_SA_20_18 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the...
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.nnrnAn attacker...
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view. Date published : 2020-10-29...
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead...
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality Date published : 2020-10-29 https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. Date published : 2020-10-29 https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781 https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md