30 matches found
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
EUVD-2025-209957
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2025-12686
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology BeeStation BSM is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology-SA-24:23) - Active Check
Synology BeeStation BSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Synology BeeStation / Synology BeeStation OS (BSM) Detection (HTTP)
HTTP based detection of Synology BeeStation and the underlying BeeStation OS BSM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-46327
Name of the Vulnerable Software and Affected Versions Synology BeeStation OS versions prior to 1.3.2-65648 Description The Synology BeeStation OS contains a stack-based buffer overflow issue that allows for remote code execution. The flaw resides in the auth info component and can be exploited to...
EUVD-2024-54098
Malicious code in bioql PyPI...
EUVD-2024-54097
Malicious code in bioql PyPI...
EUVD-2024-54102
Malicious code in bioql PyPI...
(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of file commands. The specific flaw exists...
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syncd authentication handler. The issue results from...
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability
This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of configuration informatio...
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of tar archives. A crafted tar archive can...
(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of HTTP requests. The issue results...
The vulnerability of the Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS lies in errors related to the certificate validation process. This allows attackers to create a limited number of arbitrary files.
The vulnerability of the Synology BeeStation Manager BSM, Synology DiskStation Manager DSM, and Synology BeeStation OS is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to write a limited number of arbitrary files...
CVE-2024-10445
Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via...
CVE-2024-50629
Summary: CVE-2024-50629 affects Synology BeeStation OS (BSM) and DiskStation Manager (DSM). The vulnerability is in the webapi component and arises from improper encoding or escaping of output, allowing remote attackers to read limited files via unspecified vectors. Affected products/versions inc...
CVE-2024-50629
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors...