Vulnerabilities (CVE)

Filtered by vendor Synology Subscribe
Total 262 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27648 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2024-11-21 6.8 MEDIUM 8.3 HIGH
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2020-1472 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 9.3 HIGH 5.5 MEDIUM
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
CVE-2019-9518 11 Apache, Apple, Canonical and 8 more 20 Traffic Server, Mac Os X, Swiftnio and 17 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
CVE-2019-9517 12 Apache, Apple, Canonical and 9 more 25 Http Server, Traffic Server, Mac Os X and 22 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVE-2019-9516 12 Apache, Apple, Canonical and 9 more 21 Traffic Server, Mac Os X, Swiftnio and 18 more 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9515 12 Apache, Apple, Canonical and 9 more 24 Traffic Server, Mac Os X, Swiftnio and 21 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9514 13 Apache, Apple, Canonical and 10 more 30 Traffic Server, Mac Os X, Swiftnio and 27 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9513 12 Apache, Apple, Canonical and 9 more 22 Traffic Server, Mac Os X, Swiftnio and 19 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511 12 Apache, Apple, Canonical and 9 more 22 Traffic Server, Mac Os X, Swiftnio and 19 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9502 2 Broadcom, Synology 3 Bcm4339, Bcm4339 Firmware, Router Manager 2024-11-21 8.3 HIGH 7.9 HIGH
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVE-2019-9501 2 Broadcom, Synology 3 Bcm4339, Bcm4339 Firmware, Router Manager 2024-11-21 8.3 HIGH 7.9 HIGH
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVE-2019-9499 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-9498 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-9495 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2024-11-21 4.3 MEDIUM 3.7 LOW
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-9494 5 Fedoraproject, Freebsd, Opensuse and 2 more 8 Fedora, Freebsd, Backports Sle and 5 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
CVE-2019-3870 3 Fedoraproject, Samba, Synology 9 Fedora, Samba, Directory Server and 6 more 2024-11-21 3.6 LOW 6.1 MEDIUM
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
CVE-2019-19344 4 Canonical, Opensuse, Samba and 1 more 7 Ubuntu Linux, Leap, Samba and 4 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
CVE-2019-14907 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 2.6 LOW 6.5 MEDIUM
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2019-11829 1 Synology 1 Calendar 2024-11-21 7.5 HIGH 7.3 HIGH
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
CVE-2019-11828 1 Synology 1 Office 2024-11-21 3.5 LOW 5.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.