Vulnerabilities > Synology
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-26 | CVE-2023-52947 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent: Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecified vectors. | 3.3 |
2024-09-26 | CVE-2023-52948 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent: Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.0 |
2024-09-26 | CVE-2023-52949 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent: Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.5 |
2024-09-26 | CVE-2023-52950 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent: Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | 5.3 |
2024-06-28 | CVE-2024-39350 | Unspecified vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. | 7.5 |
2024-06-28 | CVE-2023-47802 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. | 7.2 |
2024-06-28 | CVE-2023-47803 | Path Traversal vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. | 5.3 |
2024-06-28 | CVE-2024-39349 | Classic Buffer Overflow vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. | 9.8 |
2024-06-28 | CVE-2024-39351 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. | 7.2 |
2024-06-28 | CVE-2024-39352 | Incorrect Authorization vulnerability in Synology Bc500 Firmware and Tc500 Firmware: A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. | 4.9 |