CVE-2024-11399

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...

CVE-2024-11399

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

CVE-2023-52945

CVE-2023-52945 describes an "Uncontrolled search path element" vulnerability in the OpenSSL DLL component of Synology BeeDrive for desktop, affecting versions prior to 1.3.2-13814. The issue enables local users to trigger arbitrary code execution via unspecified vectors, with a local attack poten...

PT-2026-43577

Name of the Vulnerable Software and Affected Versions Synology BeeDrive for desktop versions prior to 1.3.2-13814 Description A flaw in the redis-server component allows local users to perform denial-of-service attacks, which occur when a system is overwhelmed to the point of becoming unavailable...

Synology Active Backup for Business Agent 访问控制错误漏洞

Synology Active Backup for Business Agent is an enterprise data backup and recovery management platform developed by Synology, a Chinese company. Versions of Synology Active Backup for Business Agent prior to 3.1.0-4967 contained a access control vulnerability caused by a source verification erro...

PT-2026-43590

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 3.1.0-4967 Description An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. Recommendations Update t...

PT-2026-43591

Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...

PT-2026-43976

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 Description Sensitive information is stored in log files, which may allow a local user to read this data. Recommendations At the moment, there is no information about a newer versio...

Synology Assistant 访问控制错误漏洞

Synology Assistant is a network storage device discovery and management tool provided by the Chinese company Synology. Versions of Synology Assistant prior to 7.0.6-50085 contained a access control vulnerability caused by a source verification error. This vulnerability could allow local users to...

Synology ActiveProtect Agent 访问控制错误漏洞

Synology ActiveProtect Agent is a terminal data backup and recovery agent provided by the Chinese company Synology. Versions of Synology ActiveProtect Agent prior to 1.1.0-0439 contained a access control vulnerability caused by a source validation error. This vulnerability could allow local users...

PT-2026-43585

Name of the Vulnerable Software and Affected Versions Synology ActiveProtect Agent versions prior to 1.1.0-0439 Description An origin validation error occurs during installation, allowing local users to write arbitrary files with restricted content. Recommendations Update to version 1.1.0-0439 or...

CVE-2026-9490

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

HP LaserJet Printers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2013-4829)

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors. This plugin only...

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

Astra Linux - уязвимость в sqlite

The osunix.c file in SQLite before version 3.13.0 improperly implements the temporary directory search algorithm. This may allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impacts by leveraging the current working directory...

Astra Linux - уязвимость в beep

Beep version 1.3 and later contains a vulnerability in the External Control of File Name or Path feature in the --device option. This vulnerability allows local unprivileged users to inhibit the execution of arbitrary programs by other users, potentially leading to Denial-of-Service attacks. This...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A denial-of-service vulnerability due to a deadlock was discovered in sctpautoasconfinit in net/sctp/socket.c within the SCTP subsystem of the Linux kernel. This flaw allows users with local user privileges to trigger a deadlock and potentially cause the system to crash...

Astra Linux - уязвимость в linux, linux-5.10

A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...