Vulnerabilities > Asustor > ADM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-31 | CVE-2023-2909 | Path Traversal vulnerability in Asustor ADM EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. | 10.0 |
| 2023-04-17 | CVE-2023-30770 | Out-of-bounds Write vulnerability in Asustor ADM A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. | 9.8 |
| 2018-06-28 | CVE-2018-11510 | OS Command Injection vulnerability in Asustor ADM The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | 9.8 |