
CVE-2024-47264
https://notcve.org/view.php?id=CVE-2024-47264
13 Feb 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-4464
https://notcve.org/view.php?id=CVE-2024-4464
18 Dec 2024 — Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_28 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-53285
https://notcve.org/view.php?id=CVE-2024-53285
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53284
https://notcve.org/view.php?id=CVE-2024-53284
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53283
https://notcve.org/view.php?id=CVE-2024-53283
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53282
https://notcve.org/view.php?id=CVE-2024-53282
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53281
https://notcve.org/view.php?id=CVE-2024-53281
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53279
https://notcve.org/view.php?id=CVE-2024-53279
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53280
https://notcve.org/view.php?id=CVE-2024-53280
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-52944
https://notcve.org/view.php?id=CVE-2023-52944
04 Dec 2024 — Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-863: Incorrect Authorization