
19145 matches found

OSV
added 2025/12/04 3:15 p.m. | 2 views

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00404
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/12/04 2:46 p.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary: Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details: CVEID: CVE-2024-52798. DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.63258
Exploits: 2 | Affected Software: 2

IBM Security Bulletins
added 2025/12/04 2:43 p.m. | 24 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary: Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details: CVEID: CVE-2024-38820. DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.17027
Exploits: 1 | Affected Software: 2

CVE
added 2025/12/04 2:20 p.m. | 17 views

CVE-2024-5401

CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00321
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2025/12/04 2:20 p.m. | 21 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS: 4.3 | EPSS: 0.00321
Exploits: 0 | References: 1

CVE
added 2025/12/04 2:17 p.m. | 20 views

CVE-2024-45539

CVE-2024-45539 is an out-of-bounds write vulnerability in the CGI components of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). The flaw affects DSM versions before 7.2.1-69057-2, DSM 7.2.2-72806, and DSMUC before 3.1.4-23079. Remote attackers can cause denial of servi...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00404
Exploits: 0 | References: 1 | Affected Software: 2

EUVD
added 2025/12/04 2:17 p.m. | 13 views

EUVD-2024-55301

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00404
Exploits: 0 | References: 2

EUVD
added 2025/12/04 2:16 p.m. | 10 views

EUVD-2024-55302

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS: 9.6 | AI score: 7.4 | EPSS: 0.00301
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/04 2:16 p.m. | 6 views

CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS: 9.6 | AI score: 7.6 | EPSS: 0.00301
Exploits: 0 | References: 1

Cvelist
added 2025/12/04 2:16 p.m. | 19 views

CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS: 9.6 | EPSS: 0.00301
Exploits: 0 | References: 1

CVE
added 2025/12/04 2:16 p.m. | 29 views

CVE-2024-45538

The CVE-2024-45538 issue affects Synology DiskStation Manager (DSM) WebAPI Framework and DSMUC, enabling a CSRF vulnerability that can lead to remote arbitrary code execution. Affected are DSM versions prior to 7.2.1-69057-2, 7.2.2-72806, and DSMUC prior to 3.1.4-23079. The vulnerability is categ...

CVSS: 9.6 | AI score: 7.6 | EPSS: 0.00301
Exploits: 0 | References: 1 | Affected Software: 2

Positive Technologies
added 2025/12/04 12:0 a.m. | 5 views

PT-2025-49026

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00321
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/04 12:0 a.m. | 8 views

PT-2025-49024

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2; Synology DiskStation Manager (DSM) versions 7.2.1-69057-2 through 7.2.2-72806; Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079. Description: A Cross-Site Request Forge...

CVSS: 9.6 | AI score: 7.5 | EPSS: 0.00301
Exploits: 0 | References: 8

Positive Technologies
added 2025/12/04 12:0 a.m. | 7 views

PT-2025-49025

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2; Synology DiskStation Manager (DSM) versions prior to 7.2.2-72806; Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079. Description: An out-of-bounds write issue exists in...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00404
Exploits: 0 | References: 7

Positive Technologies
added 2025/12/04 12:0 a.m. | 5 views

PT-2025-49163

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 11.7.2 through 11.12.4+541730; WatchGuard Fireware OS versions 12.0 through 12.11.4; WatchGuard Fireware OS versions 12.5 through 12.5.13; WatchGuard Fireware OS versions 2025.1 through 2025.1.2. Description: A flaw...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00151
Exploits: 0 | References: 6

CNNVD
added 2025/12/04 12:0 a.m. | 21 views

Synology DiskStation Manager and Synology Unified Controller Buffer Error Vulnerability

Synology DiskStation Manager (DSM) and Synology Unified Controller are both products of China-based Synology, Inc. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). Synology DiskStation Manager is an operating system used on network storage servers (NAS) to...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00404
Exploits: 0 | References: 1

CNNVD
added 2025/12/04 12:0 a.m. | 13 views

Synology DiskStation Manager and Synology Unified Controller Cross-Site Request Forgery Vulnerability

Synology DiskStation Manager (DSM) and Synology Unified Controller are both products of China-based Synology, Inc. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). Synology DiskStation Manager is an operating system used on network storage servers (NAS) to...

CVSS: 9.6 | AI score: 6.7 | EPSS: 0.00301
Exploits: 0 | References: 1

CNNVD
added 2025/12/04 12:0 a.m. | 10 views

Synology DiskStation Manager and Synology Unified Controller Security Vulnerability

Synology DiskStation Manager (DSM) and Synology Unified Controller are both products of Synology, a Chinese company. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). Synology DiskStation Manager is an operating system used on network storage servers (NAS) t...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00321
Exploits: 0 | References: 2

EUVD
added 2025/12/03 2:32 p.m. | 3 views

EUVD-2025-200970

A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00201
Exploits: 0 | References: 5

CVE
added 2025/12/03 2:32 p.m. | 8 views

CVE-2025-13949

The CVE-2025-13949 exposure affects ProudMuBai GoFilm 1.0.0/1.0.1, specifically the SingleUpload function in /server/controller/FileController.go. The vulnerability stems from improper validation/manipulation of the File parameter, enabling unrestricted file uploads. Attacks may be initiated remo...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00201
Exploits: 0 | References: 4