Synology Vs960hd Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Vs960hd Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2018-1160 — CVSS 9.8 (critical): Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker…
CVE-2021-26562 — CVSS 9.0 (critical): Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle…
CVE-2021-26560 — CVSS 9.0 (critical): Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before…
CVE-2021-26561 — CVSS 9.0 (critical): Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows…
CVE-2021-26565 — CVSS 8.3 (high): Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3…
CVE-2021-26566 — CVSS 8.3 (high): Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3…
CVE-2021-26564 — CVSS 8.3 (high): Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3…
CVE-2021-26563 — CVSS 8.2 (high): Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to…
CVE-2021-26567 — CVSS 7.8 (high): Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via…
CVE-2019-9517 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The…
CVE-2018-7184 — CVSS 7.5 (high): ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a…
CVE-2018-7185 — CVSS 7.5 (high): The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending…
CVE-2019-9511 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a…
CVE-2019-9513 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2019-9515 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2019-9518 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a…
CVE-2019-9516 — CVSS 6.5 (medium): Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2019-3870 — CVSS 6.1 (medium): A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD…
CVE-2017-5753 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an…
CVE-2018-7170 — CVSS 5.3 (medium): ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create…