38 matches found
CVE-2025-12686
CVE-2025-12686 is a stack-based buffer overflow in Synology BeeStation OS and BeeStation Manager’s AdminCenter/auth_info component prior to version 1.3.2-65648. The flaw arises from a buffer copy without proper input size checking, enabling remote code execution with high impact. Public sources (...
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
EUVD-2025-209957
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
Synology BeeStation OS Security Vulnerability
Synology BeeStation OS is a private cloud storage and data management operating system developed by Synology, a Chinese company. Versions of Synology BeeStation OS prior to 1.3.2-65648 contained security vulnerabilities. These vulnerabilities were caused by a classic buffer overflow vulnerability...
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology BeeStation (BSM) is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology-SA-24:23) - Active Check
Synology BeeStation (BSM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Synology BeeStation / Synology BeeStation OS (BSM) Detection (HTTP)
HTTP based detection of Synology BeeStation and the underlying BeeStation OS (BSM). SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-46327
Name of the Vulnerable Software and Affected Versions: Synology BeeStation OS versions prior to 1.3.2-65648. Description: The Synology BeeStation OS contains a stack-based buffer overflow issue that allows for remote code execution. The flaw resides in the auth info component and can be exploited to...
EUVD-2024-54097
Malicious code in bioql PyPI...
EUVD-2024-54102
Malicious code in bioql PyPI...
EUVD-2024-54098
Malicious code in bioql PyPI...
(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of file commands. The specific flaw exists...
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability
This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of configuration informatio...
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of tar archives. A crafted tar archive can...
(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of HTTP requests. The issue results...
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syncd authentication handler. The issue results from...
The vulnerability of the Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS lies in errors related to the certificate validation process. This allows attackers to create a limited number of arbitrary files.
The vulnerability of the Synology BeeStation Manager BSM, Synology DiskStation Manager DSM, and Synology BeeStation OS is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to write a limited number of arbitrary files...
Exploit for CVE-2024-10441
Improper Encoding or Escaping of Output CVE-2024-10441 O...