cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47266,https://securityvulnerability.io/vulnerability/CVE-2024-47266,Path Traversal in Synology Active Backup for Business Affects User Data Access,"A Path Traversal vulnerability in Synology's Active Backup for Business allows remote authenticated users with administrator privileges to access certain files that should be restricted. This flaw exists in the share file list functionality and may let users read non-sensitive information through unspecified methods, posing a risk to data integrity and confidentiality.",Synology,Active Backup For Business,2.7,LOW,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-13T06:26:06.229Z,0
CVE-2024-47265,https://securityvulnerability.io/vulnerability/CVE-2024-47265,Path Traversal Vulnerability in Synology Active Backup for Business,"This vulnerability involves improper limitation of a pathname to a restricted directory in the encrypted share umount functionality of Synology Active Backup for Business. It allows remote authenticated users to write specific files, potentially compromising the security of sensitive data. Users running versions prior to 2.7.1-13234, 2.7.1-23234, and 2.7.1-3234 should take immediate action to secure their systems.",Synology,Active Backup For Business,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-13T06:25:55.487Z,0
CVE-2024-47264,https://securityvulnerability.io/vulnerability/CVE-2024-47264,Path Traversal Vulnerability in Synology Active Backup for Business,"A path traversal vulnerability in Synology Active Backup for Business allows remote authenticated users with admin privileges to navigate and manipulate the file directory structure. This issue could lead to the unauthorized deletion of arbitrary files, posing significant risks to data integrity and operational functionalities. It is crucial for organizations using affected versions to implement the latest security patches and monitor for any suspicious activities related to unauthorized file access.",Synology,Active Backup For Business,4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-13T06:25:31.750Z,0
CVE-2024-4464,https://securityvulnerability.io/vulnerability/CVE-2024-4464,Authorization Bypass Vulnerability in Synology Media Server,"CVE-2024-4464 is a critical authorization bypass vulnerability found in Synology Media Server versions prior to 1.4-2680, 2.0.5-3152, and 2.2.0-3325. This flaw allows remote attackers to exploit user-controlled keys, enabling them to bypass authorization mechanisms and access sensitive files through unspecified vectors. As a result, this vulnerability poses a significant risk to data integrity and confidentiality for users of the Synology Media Server. It is essential for affected users to update to the latest versions to mitigate the risk of exploitation.",Synology,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T06:15:00.000Z,0
CVE-2024-53285,https://securityvulnerability.io/vulnerability/CVE-2024-53285,Remote Code Execution via Cross-site Scripting (XSS) Vulnerability in SRM,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:38:44.332Z,0
CVE-2024-53284,https://securityvulnerability.io/vulnerability/CVE-2024-53284,Synology Router Manager (SRM) vulnerable to Cross-site Scripting (XSS),Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:32:53.245Z,0
CVE-2024-53283,https://securityvulnerability.io/vulnerability/CVE-2024-53283,Synology Router Manager (SRM) vulnerability: Arbitrary script injection through cross-site scripting,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:31:04.815Z,0
CVE-2024-53282,https://securityvulnerability.io/vulnerability/CVE-2024-53282,Arbitrary Web Script Injection Vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:43.432Z,0
CVE-2024-53281,https://securityvulnerability.io/vulnerability/CVE-2024-53281,Synology Router Manager (SRM) CVSS Score: 7.5 - Arbitrary Web Script Injection Vulnerability,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:21.508Z,0
CVE-2024-53279,https://securityvulnerability.io/vulnerability/CVE-2024-53279,Synology Router Manager (SRM) Vulnerability: Arbitrary Web Script Injection via Unspecified Vectors,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:07.550Z,0
CVE-2024-53280,https://securityvulnerability.io/vulnerability/CVE-2024-53280,Cross-site Scripting vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:29:56.369Z,0
CVE-2023-52943,https://securityvulnerability.io/vulnerability/CVE-2023-52943,Remote Authenticated Users Can Access Limited Alerting Functions via Unspecified Vectors,Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors.,Synology,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T07:15:00.000Z,0
CVE-2024-11398,https://securityvulnerability.io/vulnerability/CVE-2024-11398,Remote File Deletion Vulnerability in Synology Router Manager (SRM),Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.,Synology,,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-12-04T07:15:00.000Z,0
CVE-2023-52944,https://securityvulnerability.io/vulnerability/CVE-2023-52944,Incorrect Authorization Vulnerability in Synology Surveillance Station,"An incorrect authorization vulnerability exists in the ActionRule webapi component of Synology Surveillance Station, allowing remote authenticated users to perform limited actions on the action rules function. This flaw could potentially lead to unauthorized modifications or interactions with security settings, impacting the overall integrity and security of the surveillance environment. Users are advised to update to the latest version to mitigate any associated risks.",Synology,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T07:15:00.000Z,0
CVE-2024-10443,https://securityvulnerability.io/vulnerability/CVE-2024-10443,Synology Task Manager Vulnerability Allows Arbitrary Code Execution,"A command injection vulnerability exists in the Task Manager component of Synology's BeePhotos and Synology Photos applications. This vulnerability arises due to improper neutralization of special elements used in commands, enabling remote attackers to exploit the flaw and execute arbitrary code. This situation can occur through unspecified vectors that can be leveraged to compromise the integrity of the affected products, posing significant security risks to users. It is crucial for users of the affected versions to apply the necessary updates to mitigate potential exposure.",Synology,"Beephotos,Synology Photos",9.8,CRITICAL,0.0010000000474974513,false,,true,false,false,,,false,false,,2024-11-15T10:23:51.233Z,0
CVE-2023-52949,https://securityvulnerability.io/vulnerability/CVE-2023-52949,Synology Active Backup for Business vulnerability exposed local users' credentials,Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.,Synology,Synology Active Backup For Business Agent,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:42:35.862Z,0
CVE-2023-52948,https://securityvulnerability.io/vulnerability/CVE-2023-52948,Missing Encryption of Sensitive Data in Synology Active Backup for Business Agent Could Lead to User Credentials Theft,Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.,Synology,Synology Active Backup For Business Agent,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:41:55.659Z,0
CVE-2023-52947,https://securityvulnerability.io/vulnerability/CVE-2023-52947,"Local Users Can Logout Client Via Unspecified Vectors, Backup Functionality Unaffected",Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.,Synology,Synology Active Backup For Business Agent,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:41:03.462Z,0
CVE-2023-52950,https://securityvulnerability.io/vulnerability/CVE-2023-52950,Man-in-the-Middle Attack on Synology Active Backup for Business Lets Hackers Access User Credentials,Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.,Synology,Synology Active Backup For Business Agent,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-26T03:40:25.753Z,0
CVE-2022-49041,https://securityvulnerability.io/vulnerability/CVE-2022-49041,Buffer Copy Vulnerability Affects Synology Drive Client,"A buffer overflow vulnerability exists in the backup task management feature of Synology Drive Client, affecting versions prior to 3.4.0-15721. This issue allows local users with administrative privileges to exploit the system, potentially leading to crashes of the client application through unspecified methods. Users should ensure their systems are updated to mitigate risks associated with this vulnerability.",Synology,Synology Drive Client,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:34:56.493Z,0
CVE-2022-49040,https://securityvulnerability.io/vulnerability/CVE-2022-49040,Synology Drive Client Exploited by Classic Buffer Overflow,"A buffer overflow issue exists in the connection management functionality of Synology Drive Client, specifically affecting versions prior to 3.4.0-15721. This vulnerability enables local users with administrative rights to exploit the flaw, resulting in a crash of the client application. The attack can be executed through unspecified vectors, potentially leading to disruptions in service and overall system stability.",Synology,Synology Drive Client,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:34:10.329Z,0
CVE-2022-49039,https://securityvulnerability.io/vulnerability/CVE-2022-49039,Arbitrary Command Execution Vulnerability in Synology Drive Client,"An out-of-bounds write vulnerability exists in the backup task management functionality of Synology Drive Client prior to version 3.4.0-15721. This vulnerability enables local users with administrator privileges to execute arbitrary commands through unspecified vectors, which could lead to potential unauthorized access and manipulation of system resources. Immediate action is recommended to mitigate the associated risks.",Synology,Synology Drive Client,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:33:29.551Z,0
CVE-2022-49038,https://securityvulnerability.io/vulnerability/CVE-2022-49038,Untrusted Control Sphere Vulnerability Affects Synology Drive Client,"An inclusion of functionality from an untrusted control sphere vulnerability exists within the OpenSSL DLL component of Synology Drive Client prior to version 3.3.0-15082. This flaw permits local users to execute arbitrary code, potentially compromising system integrity through unspecified attack vectors. Users are advised to upgrade to the latest version to mitigate this risk.",Synology,Synology Drive Client,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T03:33:01.093Z,0
CVE-2022-49037,https://securityvulnerability.io/vulnerability/CVE-2022-49037,Synology Drive Client vulnerability allows remote access to sensitive information,The Synology Drive Client contains a vulnerability in the proxy settings component that enables the insertion of sensitive information into log files. This flaw allows remote authenticated users to access potentially sensitive data through unspecified vectors before version 3.3.0-15082. Proper security measures should be taken to mitigate the risk associated with this issue.,Synology,Synology Drive Client,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-09-26T03:32:31.301Z,0
CVE-2023-52946,https://securityvulnerability.io/vulnerability/CVE-2023-52946,Classic Buffer Overflow Vulnerability Affects Synology Drive Client,A buffer copy without proper size validation in the vss service component of Synology Drive Client prior to version 3.5.0-16084 creates an exploitable scenario for remote attackers. This vulnerability can lead to the overwriting of trivial buffers and potentially crash the client through various unspecified vectors. It emphasizes the critical need for implementing size checks during buffer operations to prevent unauthorized access and ensure system stability.,Synology,Synology Drive Client,8.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-26T03:31:38.479Z,0