CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Mar 2025 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Mar 2025 — Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

19 Mar 2025 — Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to read limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2025 — A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 • CWE-125: Out-of-bounds Read

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Mar 2025 — Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_22 • CWE-193: Off-by-one Error

CVSS: 4.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Mar 2025 — Improper certificate validation vulnerability in the update functionality in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to write limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-295: Improper Certificate Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 1

19 Mar 2025 — Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. • https://github.com/hazzzein/CVE-2024-10441 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

19 Mar 2025 — Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_01 • CWE-295: Improper Certificate Validation

CVSS: 3.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Feb 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Feb 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')