Lucene search

61 matches found

RedhatCVE
added 2026/06/05 6:48 p.m. | 9 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS 4.1 | AI score 5.5 | EPSS 0.00297
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 5 views

Synology Hyper Backup Path Traversal Vulnerability

Synology Hyper Backup is a backup management system provided by the Chinese company Synology. It offers capabilities for multi-version data backup, replication, and disaster recovery. Versions of Synology Hyper Backup prior to 4.1.2-4036 contained a path traversal vulnerability. This vulnerabilit...

CVSS 4.1 | AI score 5.4 | EPSS 0.00297
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 15 views

EUVD-2022-32121

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 5.4 | EPSS 0.01241
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-26243

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00797
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-32118

Malicious code in bioql PyPI...

CVSS 5 | AI score 5.1 | EPSS 0.00753
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-59651

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00382
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-26254

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00684
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-26248

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00586
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-26251

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00586
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:4 a.m. | 9 views

CVE-2024-29235

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...

CVSS 5.4 | AI score 6.5 | EPSS 0.00586
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:4 a.m. | 7 views

CVE-2024-29231

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...

CVSS 5.4 | AI score 5.9 | EPSS 0.0065
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:54 a.m. | 5 views

CVE-2024-29234

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...

CVSS 5.4 | AI score 6.5 | EPSS 0.00586
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/21 6:20 a.m. | 10 views

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors...

CVSS 5.3 | AI score 5.6 | EPSS 0.26952
Exploits: 0 | References: 1
OSV
added 2025/03/19 6:15 a.m. | 4 views

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors...

CVSS 5.3 | AI score 5.8 | EPSS 0.26952
Exploits: 0 | References: 2
Vulnrichment
added 2025/03/19 5:50 a.m. | 5 views

CVE-2024-50630

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors...

CVSS 7.5 | AI score 7.4 | EPSS 0.22718
Exploits: 0 | References: 1
CNNVD
added 2025/03/19 12:0 a.m. | 3 views

Synology Drive Server Access Control Error Vulnerability

Synology Drive Server is a collaborative office suite from Synology China. The product includes document management, collaborative office and file synchronization and backup features. An access control error vulnerability exists in Synology Drive Server versions prior to 3.0.4-12699, prior to...

CVSS 7.5 | AI score 6.8 | EPSS 0.22718
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 7:54 a.m. | 6 views

CVE-2024-29229

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...

CVSS 7.7 | AI score 6.1 | EPSS 0.00797
Exploits: 0 | References: 1
Tenable Nessus
added 2024/10/01 12:0 a.m. | 19 views

Synology DiskStation Manager Path Traversal (CVE-2021-29087)

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5 | AI score 7.9 | EPSS 0.01396
Exploits: 0 | References: 2
Tenable Nessus
added 2024/10/01 12:0 a.m. | 16 views

Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-29086)

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5 | AI score 7.9 | EPSS 0.01181
Exploits: 0 | References: 2
Tenable Nessus
added 2024/10/01 12:0 a.m. | 15 views

Synology DiskStation Manager Improper Neutralization of Special Elements used in an OS Command (CVE-2022-27616)

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This plugin only works with...

CVSS 7.2 | AI score 7.5 | EPSS 0.01572
Exploits: 0 | References: 2