Synology Drive Server vulnerabilities
2 known vulnerabilities affecting synology/synology_drive_server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-50630P2HIGHCVSS 7.5≥ *, < 3.0.4-12699≥ *, < 3.5.1-26102+2 more2025-03-19
CVE-2024-50630 [HIGH] CWE-306 CVE-2024-50630: Missing authentication for critical function vulnerability in the webapi component in Synology Drive
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
nvd
CVE-2024-50631P2HIGHCVSS 7.5≥ *, < 3.5.1-26102≥ *, < 3.5.0-26085+2 more2025-03-19
CVE-2024-50631 [HIGH] CWE-89 CVE-2024-50631: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.
nvd