CVE-2022-43931: Synology_SA_22_26 | Synology Inc.

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Abstract

A vulnerability allows remote attackers to possibly execute arbitrary commands via a susceptible version of Synology VPN Plus Server.

Affected Products

| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| VPN Plus Server for SRM 1.3 | Critical | Upgrade to 1.4.4-0635 or above. |
| VPN Plus Server for SRM 1.2 | Critical | Upgrade to 1.4.3-0534 or above. |

Mitigation

None

Detail

Reserved

Acknowledgement

This issue was discovered internally by Synology PSIRT.

Revision

| Revision | Date | Description |
| --- | --- | --- |
| 1 | 2022-12-30 | Initial public release. |

Related news

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

Synology has patched a critical vulnerability in the Remote Desktop feature of VPN Plus Server. (Source: Malwarebytes Labs)

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the
