Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LSynology Router Manager
APPSynology1.2 – 1.2.4-8081 (bez)
Powiązane podatności
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CG...
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-053...
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synol...
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote ...
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bound...