Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2022-49041 | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | 4.4 |
| 2024-09-26 | CVE-2023-52946 | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | 8.2 |
| 2024-09-26 | CVE-2023-52947 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. | 3.3 |
| 2024-09-26 | CVE-2023-52948 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.0 |
| 2024-09-26 | CVE-2023-52949 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.5 |
| 2024-09-26 | CVE-2023-52950 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | 5.3 |
| 2024-09-26 | CVE-2024-47330 | Missing Authorization vulnerability in Supsystic Slider and Social Share Buttons Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. | 8.8 |
| 2024-09-26 | CVE-2024-8552 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. | 4.3 |
| 2024-09-26 | CVE-2024-8723 | Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-26 | CVE-2024-8803 | Cross-site Scripting vulnerability in Madfishdigital Bulk Noindex & Nofollow Toolkit The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. | 6.1 |