Synology Vs960hd_firmware
22 CVEs affecting Synology Vs960hd_firmware. Latest disclosed: 2021-02-26. Critical: 4, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-1160 | Critical | 9.8 | 2018-12-20 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote… |
| CVE-2021-26562 | Critical | 9.0 | 2021-02-26 | Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execut… |
| CVE-2021-26561 | Critical | 9.0 | 2021-02-26 | Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers t… |
| CVE-2021-26560 | Critical | 9.0 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-th… |
| CVE-2021-26566 | High | 8.3 | 2021-02-26 | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-midd… |
| CVE-2021-26565 | High | 8.3 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle… |
| CVE-2021-26564 | High | 8.3 | 2021-02-26 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle… |
| CVE-2021-26563 | High | 8.2 | 2021-02-26 | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary co… |
| CVE-2021-26567 | High | 7.8 | 2021-02-26 | Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname… |
| CVE-2021-3156 | High | 7.8 | 2021-01-26 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" a… |
| CVE-2019-9518 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with a… |
| CVE-2019-9517 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 w… |
| CVE-2019-9515 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to t… |
| CVE-2019-9514 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an in… |
| CVE-2019-9513 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and con… |
| CVE-2019-9511 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The… |
| CVE-2018-7185 | High | 7.5 | 2018-03-06 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zer… |
| CVE-2018-7184 | High | 7.5 | 2018-03-06 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (dis… |
| CVE-2019-9516 | Medium | 6.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length… |
| CVE-2019-3870 | Medium | 6.1 | 2019-04-09 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are create… |