|
2019-08-13
|
CVE-2019-9514
|
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
|
Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Big\-Ip_local_traffic_manager, Fedora, Web_gateway, Cloud_insights, Trident, Leap, Graalvm, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_container_platform, Openshift_service_mesh, Openstack, Quay, Single_sign\-On, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware
|
7.5
|
|
|
|
2019-04-09
|
CVE-2019-3870
|
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is...
|
Fedora, Samba, Active_directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware
|
6.1
|
|
|
|
2019-08-13
|
CVE-2019-9513
|
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
|
Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Nginx, Leap, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware
|
7.5
|
|
|
|
2019-08-13
|
CVE-2019-9511
|
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
|
Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Nginx, Leap, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware
|
7.5
|
|
|
|
2019-08-13
|
CVE-2019-9516
|
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
|
Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Nginx, Leap, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware
|
7.5
|
|
|
|
2020-10-29
|
CVE-2020-27648
|
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
Diskstation_manager, Skynas_firmware
|
9.0
|
|
|
|
2020-10-29
|
CVE-2020-27650
|
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
|
Diskstation_manager, Skynas_firmware
|
3.7
|
|
|
|
2020-10-29
|
CVE-2020-27656
|
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
|
Diskstation_manager
|
3.7
|
|
|
|
2020-10-29
|
CVE-2020-27652
|
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
|
Diskstation_manager, Skynas_firmware
|
8.3
|
|
|
|
2020-10-29
|
CVE-2020-27653
|
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
|
Diskstation_manager, Router_manager
|
8.3
|
|
|