
CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Dec 2024 — Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-863: Incorrect Authorization •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Nov 2024 — Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_18 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-787: Out-of-bounds Write •