Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/h:synology:vs960hd:-
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Published: August 13, 2019; 5:15:12 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Published: August 13, 2019; 5:15:12 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9511

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Published: December 20, 2018; 4:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Published: March 06, 2018; 3:29:01 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Published: March 06, 2018; 3:29:01 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 3.5 LOW
CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: January 04, 2018; 8:29:00 AM -0500
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM