CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49038
https://notcve.org/view.php?id=CVE-2022-49038
26 Sep 2024 — Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49037
https://notcve.org/view.php?id=CVE-2022-49037
26 Sep 2024 — Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52946
https://notcve.org/view.php?id=CVE-2023-52946
26 Sep 2024 — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39348
https://notcve.org/view.php?id=CVE-2024-39348
28 Jun 2024 — Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39351
https://notcve.org/view.php?id=CVE-2024-39351
28 Jun 2024 — A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47803
https://notcve.org/view.php?id=CVE-2023-47803
28 Jun 2024 — A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47802
https://notcve.org/view.php?id=CVE-2023-47802
28 Jun 2024 — A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39347 – Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-39347
21 Jun 2024 — Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewa... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-39349 – Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39349
21 Jun 2024 — A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 cameras. Authentic... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39350 – Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39350
21 Jun 2024 — A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. An attacker must first obtain the ability to execute low-privileged code on the targ... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-290: Authentication Bypass by Spoofing •