CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10443
https://notcve.org/view.php?id=CVE-2024-10443
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando ('Inyección de comando') en Task Manager component in Synology BeePhotos anteriores a 1.0.2-10026 y 1.1.0-10053 y Synology Photos anteriores a 1.6.2-0720 y 1.7.0-0795 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_18 https://www.synology.com/en-global/security/advisory/Synology_SA_24_19 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52949
https://notcve.org/view.php?id=CVE-2023-52949
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52948
https://notcve.org/view.php?id=CVE-2023-52948
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52947
https://notcve.org/view.php?id=CVE-2023-52947
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52950
https://notcve.org/view.php?id=CVE-2023-52950
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 • CWE-311: Missing Encryption of Sensitive Data •