Bing-Jhong Jheng

**Name of the Vulnerable Software and Affected Versions** Synology Media Server versions prior to 1.8.1-2876 **Description** The issue is related to a buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow' vulnerability, in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. **Recommendations** For Synology Media Server versions prior to 1.8.1-2876, update to version 1.8.1-2876 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Synology Photo Station versions prior to 6.8.14-3500 Description: The issue is related to a Path Traversal vulnerability in the file management component. This allows remote authenticated users to write arbitrary files via unspecified vectors. Recommendations: For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Synology Photo Station versions prior to 6.8.14-3500 Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the thumbnail component. This allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Recommendations: For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue. As a temporary workaround, consider restricting access to the thumbnail component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Photo Station versions prior to 6.8.14-3500 **Description** The issue is related to the improper neutralization of special elements used in SQL commands, which can be exploited to execute arbitrary SQL commands. This can be done by remote authenticated users via unspecified vectors. **Recommendations** For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synology Docker versions prior to 18.09.0-0515 **Description** The issue is related to a 'Path Traversal' vulnerability in the container volume management component. This allows local users to read or write arbitrary files via unspecified vectors. **Recommendations** For versions prior to 18.09.0-0515, update to version 18.09.0-0515 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Synology Photo Station versions prior to 6.8.14-3500 Description: The issue allows remote authenticated users to execute arbitrary code via unspecified vectors due to an unrestricted upload of file with dangerous type vulnerability in the file management component. Recommendations: For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology Download Station versions prior to 3.8.15-3563 **Description** A Server-Side request forgery (SSRF) issue exists in the task management component, allowing remote authenticated users to read arbitrary files. **Recommendations** For versions prior to 3.8.15-3563, update to version 3.8.15-3563 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. **Description** The issue is a command injection vulnerability that could allow remote attackers to execute arbitrary commands if exploited. **Recommendations** For QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907, update to version 4.4.3.1421 or later to resolve the issue.