Vulnerabilities > Synology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2022-49038 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. | 7.8 |
| 2024-09-26 | CVE-2023-52946 | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | 8.2 |
| 2024-06-28 | CVE-2024-39350 | Unspecified vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. high complexity synology | 7.5 |
| 2024-06-28 | CVE-2023-47802 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. | 7.2 |
| 2024-06-28 | CVE-2024-39351 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. | 7.2 |
| 2024-06-04 | CVE-2024-5463 | Classic Buffer Overflow vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. | 7.5 |
| 2024-03-28 | CVE-2024-29228 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29229 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29230 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29231 | Unspecified vulnerability in Synology Surveillance Station Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 8.8 |