cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10443,https://securityvulnerability.io/vulnerability/CVE-2024-10443,Synology Task Manager Vulnerability Allows Arbitrary Code Execution,"A command injection vulnerability (improper neutralization of special elements used in a command) in the Task Manager component of Synology BeePhotos and Synology Photos allows remote attackers to execute arbitrary code via unspecified vectors. Users of affected versions should apply the vendor updates.",Synology,"Beephotos,Synology Photos",9.8,CRITICAL,0.001,false,,true,false,false,,,false,false,,2024-11-15T10:23:51.233Z,0
CVE-2022-49038,https://securityvulnerability.io/vulnerability/CVE-2022-49038,Untrusted Control Sphere Vulnerability Affects Synology Drive Client,"An inclusion of functionality from an untrusted control sphere vulnerability in the OpenSSL DLL component of Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. Upgrade to 3.3.0-15082 or later.",Synology,Synology Drive Client,7.8,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-09-26T03:33:01.093Z,0
CVE-2023-52946,https://securityvulnerability.io/vulnerability/CVE-2023-52946,Classic Buffer Overflow Vulnerability Affects Synology Drive Client,"A buffer copy without size checking (classic buffer overflow) in the vss service component of Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite buffers and possibly crash the client via unspecified vectors. Upgrade to 3.5.0-16084 or later.",Synology,Synology Drive Client,8.2,HIGH,0.00046,false,,false,false,false,,,false,false,,2024-09-26T03:31:38.479Z,0
CVE-2024-39350,https://securityvulnerability.io/vulnerability/CVE-2024-39350,Authentication Bypass Vulnerability Affects Synology Cameras,"An authentication bypass by spoofing vulnerability in the RTSP functionality of Synology Camera Firmware allows man-in-the-middle attackers to obtain privileges via unspecified vectors. Affected models: BC500 and TC500 with firmware prior to 1.0.7-0298; update to 1.0.7-0298 or later.",Synology,Camera Firmware,7.5,HIGH,0.00065,false,,false,false,false,,,false,false,,2024-06-28T06:55:25.157Z,0
CVE-2024-39348,https://securityvulnerability.io/vulnerability/CVE-2024-39348,Synology Router Manager (SRM) Vulnerability Allows Arbitrary Code Execution,"A download of code without integrity check vulnerability in the AirPrint functionality of Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. Update to the fixed build for the installed branch.",Synology,Synology Router Manager (SRM),7.5,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-06-28T06:30:57.973Z,0
CVE-2024-39351,https://securityvulnerability.io/vulnerability/CVE-2024-39351,Arbitrary Command Execution Vulnerability in Synology Camera Firmware,"An OS command injection vulnerability (improper neutralization of special elements used in an OS command) in Synology Camera Firmware allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. Affected models: BC500 and TC500 with firmware prior to 1.0.7-0298.",Synology,Camera Firmware,7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-06-28T06:07:21.260Z,0
CVE-2024-39349,https://securityvulnerability.io/vulnerability/CVE-2024-39349,Remote Code Execution Vulnerability in Synology Camera Firmware,"A buffer copy without size checking in the libjansson component of Synology Camera Firmware allows remote attackers to execute arbitrary code via unspecified vectors. Affected models: BC500 and TC500 with firmware prior to 1.0.7-0298.",Synology,Camera Firmware,9.8,CRITICAL,0.00065,false,,false,false,false,,,false,false,,2024-06-28T06:03:59.624Z,0
CVE-2023-47802,https://securityvulnerability.io/vulnerability/CVE-2023-47802,Arbitrary Command Execution Vulnerability in Synology Camera Firmware,"An OS command injection vulnerability (improper neutralization of special elements used in an OS command) in Synology Camera Firmware allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. Affected models: BC500 and TC500 with firmware prior to 1.0.7-0298.",Synology,Camera Firmware,7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-06-28T06:01:58.733Z,0
CVE-2024-29241,https://securityvulnerability.io/vulnerability/CVE-2024-29241,Bypass Security Constraints Vulnerability Affects Synology Surveillance Station,"A missing authorization vulnerability in the System webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:28:53.632Z,0
CVE-2024-29239,https://securityvulnerability.io/vulnerability/CVE-2024-29239,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the Recording.CountByCategory webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors, compromising the confidentiality and integrity of the application's data.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:28:31.235Z,0
CVE-2024-29238,https://securityvulnerability.io/vulnerability/CVE-2024-29238,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability (improper neutralization of special elements used in an SQL command) in the Log.CountByCategory webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:28:14.399Z,0
CVE-2024-29237,https://securityvulnerability.io/vulnerability/CVE-2024-29237,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the ActionRule.Delete webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors, which can expose or alter stored data.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:27:39.249Z,0
CVE-2024-29236,https://securityvulnerability.io/vulnerability/CVE-2024-29236,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability (improper neutralization of special elements used in an SQL command) in the AudioPattern.Delete webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:27:09.078Z,0
CVE-2024-29235,https://securityvulnerability.io/vulnerability/CVE-2024-29235,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the IOModule.EnumLog webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors, enabling unauthorized reading or manipulation of the database.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:26:32.275Z,0
CVE-2024-29234,https://securityvulnerability.io/vulnerability/CVE-2024-29234,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the Group.Save webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:26:12.750Z,0
CVE-2024-29233,https://securityvulnerability.io/vulnerability/CVE-2024-29233,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability (improper neutralization of special elements used in an SQL command) in the Emap.Delete webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:25:27.881Z,0
CVE-2024-29232,https://securityvulnerability.io/vulnerability/CVE-2024-29232,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability (improper neutralization of special elements used in an SQL command) in the Alert.Enum webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:24:18.371Z,0
CVE-2024-29231,https://securityvulnerability.io/vulnerability/CVE-2024-29231,Remote Authenticated Users Can Bypass Security Constraints via Unspecified Vectors,"An improper validation of array index vulnerability in the UserPrivilege.Enum webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:23:39.710Z,0
CVE-2024-29230,https://securityvulnerability.io/vulnerability/CVE-2024-29230,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the SnapShot.CountByCategory webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:22:54.365Z,0
CVE-2024-29229,https://securityvulnerability.io/vulnerability/CVE-2024-29229,Remote Authenticated Users Can Obtain Sensitive Information via Unspecified Vectors in GetLiveViewPath WebAPI Component,"A missing authorization vulnerability in the GetLiveViewPath webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.",Synology,Surveillance Station,7.7,HIGH,0.00048,false,,false,false,false,,,false,false,,2024-03-28T06:19:39.482Z,0
CVE-2024-29228,https://securityvulnerability.io/vulnerability/CVE-2024-29228,Remote Authenticated Users Can Obtain Sensitive Information via Unspecified Vectors in GetStmUrlPath WebAPI Component,"A missing authorization vulnerability in the GetStmUrlPath webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. See Synology's security advisory for the fixed builds.",Synology,Surveillance Station,7.7,HIGH,0.00048,false,,false,false,false,,,false,false,,2024-03-28T06:13:20.333Z,0
CVE-2024-29227,https://securityvulnerability.io/vulnerability/CVE-2024-29227,SQL Injection Vulnerability in Synology Surveillance Station,"An SQL injection vulnerability in the Layout.LayoutSave webapi component of Synology Surveillance Station allows remote authenticated users to inject arbitrary SQL commands via unspecified vectors, compromising the confidentiality and integrity of the database. Update to the latest version.",Synology,Surveillance Station,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-03-28T06:08:34.641Z,0
CVE-2023-5746,https://securityvulnerability.io/vulnerability/CVE-2023-5746,External Format String Vulnerability in Synology Camera Firmware,"A use of externally-controlled format string vulnerability in the CGI component of Synology Camera Firmware allows remote attackers to execute arbitrary code via unspecified vectors. Affected models: BC500 and TC500 with firmware prior to 1.0.5-0185; upgrade to the latest firmware.",Synology,Camera Firmware,9.8,CRITICAL,0.00138,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-41738,https://securityvulnerability.io/vulnerability/CVE-2023-41738,OS Command Injection Vulnerability in Synology Router Manager,"An OS command injection vulnerability (improper neutralization of special elements used in an OS command) in the Directory Domain functionality of Synology Router Manager (SRM) allows remote authenticated users to execute arbitrary commands via unspecified vectors.",Synology,Synology Router Manager (SRM),7.2,HIGH,0.00183,false,,false,false,false,,,false,false,,2023-08-31T10:15:00.000Z,0
CVE-2023-2729,https://securityvulnerability.io/vulnerability/CVE-2023-2729,Insufficient Randomness in User Management Functionality of Synology DiskStation Manager,"A use of insufficiently random values vulnerability in the User Management functionality of Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credentials via unspecified vectors, leading to unauthorized access on affected systems.",Synology,"DiskStation Manager (DSM),Unified Controller (DSMUC),Synology Router Manager (SRM)",7.5,HIGH,0.00135,false,,true,false,false,,,false,false,,2023-06-13T08:15:00.000Z,0
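A triage script for a feed in this layout, added here as an example; it is not code from securityvulnerability.io or from Synology. The column names and the version strings are the feed's own; the priority weights, the inventory and the abbreviated sample rows are constructed assumptions. It covers the two things this data makes easy to get wrong: quoted descriptions may contain newlines, so the feed has to be read with a real CSV reader rather than split by line, and Synology fixed versions come in pairs per release branch (9.2.0-9289 and 9.2.0-11289, 1.2.5-8227-11 and 1.3.1-9346-8), so a version check has to be branch-aware and conservative when the feed does not say which build series a fix belongs to.

```python
"""Triage a CVE feed in the securityvulnerability.io CSV layout against an inventory.

Added example, not code from the feed provider or from Synology. Column names
come from the feed; weights, inventory and the sample rows are assumptions.
"""
import csv
import io
import re

# Constructed sample: the feed header plus four abbreviated records in the same
# layout. The second description deliberately contains a newline inside its
# quotes; csv.DictReader handles that, str.splitlines() would split the record.
SAMPLE_FEED = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10443,https://securityvulnerability.io/vulnerability/CVE-2024-10443,Synology Task Manager Vulnerability Allows Arbitrary Code Execution,"Command injection in the Task Manager component of BeePhotos and Synology Photos lets remote attackers execute arbitrary code via unspecified vectors.",Synology,"Beephotos,Synology Photos",9.8,CRITICAL,0.001,false,,true,false,false,,,false,false,,2024-11-15T10:23:51.233Z,0
CVE-2022-49038,https://securityvulnerability.io/vulnerability/CVE-2022-49038,Untrusted Control Sphere Vulnerability Affects Synology Drive Client,"Inclusion of functionality from an untrusted control sphere in the OpenSSL DLL component of Synology Drive Client before 3.3.0-15082.
Local users can execute arbitrary code via unspecified vectors.",Synology,Synology Drive Client,7.8,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-09-26T03:33:01.093Z,0
CVE-2024-39349,https://securityvulnerability.io/vulnerability/CVE-2024-39349,Remote Code Execution Vulnerability in Synology Camera Firmware,"Buffer copy without size check in the libjansson component lets remote attackers execute arbitrary code. Affected: BC500 and TC500 with firmware prior to 1.0.7-0298.",Synology,Camera Firmware,9.8,CRITICAL,0.00065,false,,false,false,false,,,false,false,,2024-06-28T06:03:59.624Z,0
CVE-2024-29229,https://securityvulnerability.io/vulnerability/CVE-2024-29229,Remote Authenticated Users Can Obtain Sensitive Information via Unspecified Vectors in GetLiveViewPath WebAPI Component,"Missing authorization in the GetLiveViewPath webapi component of Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 lets remote authenticated users obtain sensitive information.",Synology,Surveillance Station,7.7,HIGH,0.00048,false,,false,false,false,,,false,false,,2024-03-28T06:19:39.482Z,0
"""

BOOL_COLUMNS = ("cisa", "article", "ransomware", "exploited", "poc", "trended", "trended_no_1")
# Synology build strings: "1.0.7-0298", "9.2.0-9289", "7.2-64561", "1.2.5-8227-11".
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+-\d+(?:-\d+)?)\b")


def parse_feed(text):
    """Parse the CSV into dicts with typed fields; quoted newlines are preserved."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["score"] = float(row["score"] or 0)
        row["epss"] = float(row["epss"] or 0)
        for col in BOOL_COLUMNS:
            row[col] = row[col].strip().lower() == "true"  # blank (unknown) counts as False
        row["products"] = [p.strip() for p in row["products"].split(",") if p.strip()]
        row["fixed_versions"] = VERSION_RE.findall(row["description"])
        rows.append(row)
    return rows


def priority(row):
    """Assumed weighting: CVSS base, plus bumps for a CISA KEV listing, in-the-wild
    exploitation, a public PoC, and EPSS (scaled so an EPSS of 0.5 adds 2.5)."""
    return (row["score"] + 4.0 * row["cisa"] + 2.0 * row["exploited"]
            + 1.0 * row["poc"] + 5.0 * row["epss"])


def parse_version(v):
    """'1.2.5-8227-11' -> ((1, 2, 5), (8227, 11)); '7.2-64561' -> ((7, 2), (64561,))."""
    base, _, build = v.partition("-")
    base_t = tuple(int(x) for x in base.split("."))
    build_t = tuple(int(x) for x in build.split("-")) if build else ()
    return base_t, build_t


def is_patched(installed, fixed_versions):
    """Branch-aware check; None when the feed gave no fixed version (review by hand).
    Fixes on the installed build's major.minor branch must all be satisfied, so with
    fixes 9.2.0-9289 and 9.2.0-11289 a 9.2.0-10000 build is flagged: the feed does not
    say which platform series each fix belongs to. Off-branch builds count as patched
    only if newer than every listed fix."""
    if not fixed_versions:
        return None
    inst = parse_version(installed)
    fixes = [parse_version(f) for f in fixed_versions]
    same_branch = [f for f in fixes if f[0][:2] == inst[0][:2]]
    if same_branch:
        return all(inst >= f for f in same_branch)
    return all(inst > f for f in fixes)


def triage(feed_text, inventory, min_cvss=7.0):
    """inventory maps product name -> installed version. Returns tuples of
    (cve, product, installed, fixed_versions, patched, priority), unpatched and
    unknown entries first, highest priority first within each group."""
    out = []
    for row in parse_feed(feed_text):
        if row["score"] < min_cvss:
            continue
        for product in row["products"]:
            installed = inventory.get(product)
            if installed is None:
                continue
            patched = is_patched(installed, row["fixed_versions"])
            out.append((row["cve"], product, installed, row["fixed_versions"],
                        patched, priority(row)))
    out.sort(key=lambda r: (r[4] is True, -r[5], r[0]))
    return out


# Constructed inventory (assumption): what one site might be running.
INVENTORY = {
    "Synology Photos": "1.7.0-0794",
    "Synology Drive Client": "3.5.0-16084",
    "Camera Firmware": "1.0.5-0185",
    "Surveillance Station": "9.2.0-10000",
}

if __name__ == "__main__":
    for cve, product, installed, fixed, patched, prio in triage(SAMPLE_FEED, INVENTORY):
        state = {True: "patched", False: "ACTION", None: "REVIEW"}[patched]
        print(f"{state:8} {cve} {product}: installed {installed}, fixed {fixed or 'n/a'}, prio {prio:.3f}")
```

Run as a script it prints the Surveillance Station and camera entries as ACTION, the Synology Photos entry as REVIEW (the feed text carries no fixed build for it), and the Drive Client entry as patched. Replace `SAMPLE_FEED` with the full CSV and `INVENTORY` with real package versions from the DSM Package Center or the device UI; the regex only recovers fixed versions that the description spells out, so anything it returns as REVIEW still needs the vendor advisory.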