CVE-2024-50630

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors...

Synology Drive Server 访问控制错误漏洞

Synology Drive Server is a collaborative office suite from Synology China. The product includes document management, collaborative office and file synchronization and backup features. An access control error vulnerability exists in Synology Drive Server versions prior to 3.0.4-12699, prior to...

CVE-2020-15243

Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...

CVE-2024-29229

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...

CVE-2023-52944

Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors...

CVE-2023-52944

Synology Surveillance Station’s ActionRule webapi vulnerability (CVE-2023-52944): an incorrect authorization flaw allows remote authenticated users to perform limited actions on the set action rules function. Affected products: Synology Surveillance Station prior to versions 9.2.0-11289 and 9.2.0...

CVE-2023-52943

Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors...

CVE-2023-52943

The CVE-2023-52943 vulnerability affects Synology Surveillance Station, specifically the Alert.Setting webapi component. Affected versions are prior to 9.2.0-11289 and 9.2.0-9289. The issue is described as an incorrect authorization vulnerability that allows remote authenticated users to perform ...

Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-29086)

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

Synology DiskStation Manager Path Traversal (CVE-2013-6987)

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager DSM before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. dot dot in the 1 path parameter to filedelete.cgi or 2 folderpath parameter to...

Synology DiskStation Manager Path Traversal (CVE-2022-27610)

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. This plugin only works with Tenable.ot. Please...

Synology DiskStation Manager Improper Neutralization of Special Elements used in an OS Command (CVE-2022-27616)

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This plugin only works with...

Synology DiskStation Manager Path Traversal (CVE-2021-29087)

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

MAL-2024-1779 Malicious code in aspnet-webapi-auth (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors...

CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors...

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors...

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors...

CVE-2024-29239

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information...

CVE-2024-29238

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...