59 matches found
EUVD-2022-32118
Malicious code in bioql PyPI...
EUVD-2023-59651
Malicious code in bioql PyPI...
EUVD-2024-26243
Malicious code in bioql PyPI...
EUVD-2024-26251
Malicious code in bioql PyPI...
EUVD-2024-26248
Malicious code in bioql PyPI...
EUVD-2024-26254
Malicious code in bioql PyPI...
EUVD-2022-32121
Malicious code in bioql PyPI...
CVE-2024-29235
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...
CVE-2024-29234
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-50629
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors...
CVE-2024-50630
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors...
Synology Drive Server Access Control Error Vulnerability
Synology Drive Server is a collaborative office suite from Synology China. The product includes document management, collaborative office and file synchronization and backup features. An access control error vulnerability exists in Synology Drive Server versions prior to 3.0.4-12699, prior to...
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...
Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-29086)
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Improper Neutralization of Special Elements used in an OS Command (CVE-2022-27616)
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This plugin only works with...
Synology DiskStation Manager Path Traversal (CVE-2021-29087)
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors...
CVE-2024-29239
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information...