EUVD-2023-58032

Malicious code in bioql PyPI...

CVE-2024-5463

A vulnerability regarding buffer copy without checking the size of input 'Classic Buffer Overflow' has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...

CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

CVE-2024-11131

A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500...

PT-2024-7018 · Synology · Synology Bc500 +1

Name of the Vulnerable Software and Affected Versions: Synology BC500, Synology TC500, and Synology CC400W affected versions not specified Description: The issue is related to errors in access control within the firmware of the affected cameras. It allows a remote attacker to execute arbitrary...

(Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the synocamparam.cgi module. The issue results from the lack of proper...

(Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability

This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper...

(Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-39350

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC50...

CVE-2024-39350

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC50...

CVE-2024-39350

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC50...

CVE-2024-39350

CVE-2024-39350 affects Synology Camera Firmware BC500 and TC500 with versions prior to 1.0.7-0298. The Red Hat/NVD/ZDI entries describe an authentication bypass in the RTSP functionality via spoofing that can allow a man-in-the-middle to obtain privileges without user consent. The impact is descr...

CVE-2024-39352

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before...

CVE-2024-39352

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before...

CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...

CVE-2024-39349

A vulnerability regarding buffer copy without checking size of input 'Classic Buffer Overflow' is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camer...

CVE-2024-39349

A vulnerability regarding buffer copy without checking size of input 'Classic Buffer Overflow' is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camer...

CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...

CVE-2023-47803

A vulnerability regarding improper limitation of a pathname to a restricted directory 'Path Traversal' is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with...

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following mode...