Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Skynas
(Synology)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-13 | CVE-2019-9514 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Big\-Ip_local_traffic_manager, Fedora, Web_gateway, Cloud_insights, Trident, Node\.js, Leap, Graalvm, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_container_platform, Openshift_service_mesh, Openstack, Quay, Single_sign\-On, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware | 7.5 | ||
| 2019-08-13 | CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Nginx, Fedora, Web_gateway, Node\.js, Leap, Enterprise_communications_broker, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware | 7.5 | ||
| 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. | Hpux\-Ntp, Hci, Solidfire, Ntp, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware | 5.3 | ||
| 2018-03-06 | CVE-2018-7184 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. | Ubuntu_linux, Cloud_backup, Steelstore_cloud_integrated_storage, Ntp, Slackware_linux, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware | 7.5 | ||
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | Ubuntu_linux, Hpux\-Ntp, Hci, Solidfire, Ntp, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware | 7.5 | ||
| 2018-10-31 | CVE-2018-13281 | Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | Diskstation_manager, Skynas, Vs960hd | 4.3 | ||
| 2018-12-20 | CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware | 9.8 | ||
| 2020-01-21 | CVE-2019-14907 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as... | Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux, Storage, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas | 6.5 | ||
| 2020-01-21 | CVE-2019-19344 | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | Ubuntu_linux, Leap, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas | 6.5 | ||
| 2018-05-08 | CVE-2018-8897 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs),... | Mac_os_x, Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Enterprise_linux_server, Enterprise_linux_workstation, Enterprise_virtualization_manager, Diskstation_manager, Skynas, Xen | 7.8 |